Honeywell’s industrial Android devices open to serious remote attack

Android-powered mobile devices from commercial and aerospace tech vendor Honeywell have a serious flaw that remote attackers could exploit to gain a foothold in critical infrastructure providers. 

The US DHS’s Industrial Control Cyber Emergency Response Team (ICS-CERT) put out an alert on Thursday warning Honeywell customers about a dozen of its handheld Android models that could give a remote attacker access to sensitive information, including passwords. 

The privilege management vulnerability can be exploited if an attacker was able to install a malicious app on the affected Android device. 

“A skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges,” ICS-CERT warned

Should such an advanced attacker exploit this vulnerability they could gain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents, according  to ICS-CERT.

Many of the devices are ruggedized mobile computers used for logistics, warehouses, and in remote field operations. 

ICS-CERT notes that affected organizations could be from sectors including commercial facilities, critical manufacturing, energy, healthcare and public health.    

Affected devices include Honeywell’s CT60, CN80, CT40, CK75, CN75, CT50, D75e, CN51, and its ScanPal EDA series devices. The devices are running versions of Android between 4.4 KitKat to Oreo 8.1. 

Google’s Android team coordinated with Honeywell to report the issue to DHS’s National Cybersecurity & Communications Integration Center (NCCIC). 

ICS-CERT notes that there are no known exploits for this bug and that an attacker would need a high skill level to exploit it.  

Honeywell has released updates for each of the affected versions of Android and recommends its customers only permit a whitelist of trusted apps to be installed on its devices. 

NCCIC further recommends that all control system devices are not accessible from the internet, and to position these devices behind a firewall as well as isolate them from the business network.   


Show Comments