In a blog post entitled "SCADA and Mobile Security in the Internet of Things", analysts from IOActive and Embedi recently suggested that most mobile applications used for controlling internet-connected industrial control and SCADA (supervisory control and data acquisition) systems are being made without giving much thought to security. This can compromise systems used to control facilities such as nuclear power plants.
Jason Larsen, director of advisory services at IOActive, said that such apps are being built with the same rapid development mindset adopted by most mobile devs, instead of the measured and tested development employed in industrial control.
The researchers found that almost 94% of the apps were vulnerable to code tampering, and 59% had problems with insecure authorization. These flaws are said to be critical as they can allow attackers to access the device physically or remotely.