BorderHawk, a Georgia cybersecurity and cyber intelligence firm, recently revealed that vulnerabilities in remote power managers (RPMs), widely used on large installations, may affect thousands of companies across the country. Poor quality control in the supply chain of the affected equipment, mostly coming from China, could be the cause.
Large network vendors work with thousands of suppliers worldwide to provide all of the necessary elements, and most of the configurations are done automatically by specialized software that includes all the elements necessary to install or upgrade an installation.
Normally, when looking for potential security holes in a sophisticated network installation, security technicians check the most critical systems, such as servers, switches, access points and connected appliances. Those are the ones that usually need to be monitored and audited constantly, checked to ensure their security profiles are intact, and kept current with patches and updates.
But there are other, less complex devices on the network that don’t get the same treatment because they are not considered a significant security risk. Parts such as power supplies, antennas, cables and power relays, among others, are just there performing very simple tasks, and usually just need to be replaced when they fail or cease to function properly.
Security audits of the supply chain for the critical components are usually performed in detail and thoroughly. But those low-tech components are just line items in a long list of pieces in a network, and they are usually overlooked.
BorderHawk didn't set out to search for vulnerabilities in RPM devices. While working on another project at a large energy firm, its researchers noticed a steady stream of alerts about unusual traffic on their client's network, said Matt Caldwell, the company's chief security researcher.
The very simple RPMs consist of a five-by-six inch box containing two power outlets to plug in equipment, as well as Ethernet and serial ports for monitoring basic network functions and performing hard reboots of the connected devices.
While doing the initial testing, BorderHawk’s technicians saw an unusual stream of traffic on the network. It was disguised as coming from a well-known contractor, one that had no connection to the power company. But the destination of the traffic was servers located in Europe, Russia and South Korea.
After performing additional research and monitoring, the BorderHawk security experts were able to determine data had been leaked to those destinations for over a year.
Security researchers agree these types of vulnerabilities are quite common and not easily detected. Organizations are constantly adding more networking devices and equipment to their business operations, many of them inexpensively made overseas, and are often plugging in insecure equipment loaded with vulnerabilities.
BorderHawk did not want to name the company that makes the flawed hardware. They recommend that IT managers perform a security audit of the devices, identify their origin, and ensure that they have been updated with newer software and firmware.
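As an added defender's example (not BorderHawk's tooling, and built on constructed flow records and an assumed asset inventory), this Python check shows the kind of logic that surfaces what the researchers saw: a low-tier device that should only ever reach the internal management station instead sending traffic under a contractor's address to external destinations, aggregated per destination to size how long and how much data left.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: switch-learned MAC addresses of the remote power
# managers, the subnets involved, and the only destination an RPM should reach.
RPM_MACS = {"00:11:22:aa:bb:01": "rpm-rack1", "00:11:22:aa:bb:02": "rpm-rack2"}
RPM_SUBNET = ipaddress.ip_network("10.20.0.0/24")         # where the RPMs live
CONTRACTOR_SUBNET = ipaddress.ip_network("10.50.0.0/24")  # contractor VPN pool
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]      # everything else is external
RPM_ALLOWED_DST = {ipaddress.ip_address("10.10.0.5")}     # the internal NMS only

# Constructed switch/sFlow-style records: ts src_mac src_ip dst_ip dport bytes
SAMPLE_FLOWS = """\
2017-03-01T02:14:07Z 00:11:22:aa:bb:01 10.20.0.15 10.10.0.5 161 412
2017-03-01T02:15:09Z 00:11:22:aa:bb:01 10.50.0.77 203.0.113.40 443 18822
2017-03-02T02:15:11Z 00:11:22:aa:bb:02 10.50.0.77 198.51.100.9 443 17731
2017-03-02T09:00:00Z 00:11:22:cc:dd:10 10.50.0.77 203.0.113.40 443 901
"""

def parse_flow(line):
    ts, mac, src, dst, dport, nbytes = line.split()
    return {"ts": ts, "mac": mac.lower(), "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "dport": int(dport), "bytes": int(nbytes)}

def find_rpm_egress(flow_text):
    """Flag flows sent by an RPM (identified by MAC, which it cannot easily hide from
    the switch) that leave the allowlist or borrow another host's address."""
    findings = []
    for line in flow_text.splitlines():
        f = parse_flow(line)
        if f["mac"] not in RPM_MACS or f["dst"] in RPM_ALLOWED_DST:
            continue
        reasons = []
        if f["src"] not in RPM_SUBNET:
            who = "contractor pool" if f["src"] in CONTRACTOR_SUBNET else "foreign address"
            reasons.append(f"source {f['src']} outside RPM subnet ({who})")
        if not any(f["dst"] in net for net in INTERNAL_NETS):
            reasons.append(f"external destination {f['dst']}")
        if reasons:
            findings.append((RPM_MACS[f["mac"]], f, reasons))
    return findings

def summarize(findings):
    """Per destination: total bytes and first/last seen, to scope the leak's duration."""
    agg = defaultdict(lambda: {"bytes": 0, "first": None, "last": None})
    for _, f, _ in findings:
        d = agg[str(f["dst"])]
        d["bytes"] += f["bytes"]
        d["first"] = f["ts"] if d["first"] is None else min(d["first"], f["ts"])
        d["last"] = f["ts"] if d["last"] is None else max(d["last"], f["ts"])
    return dict(agg)
```

Keying on the switch-learned MAC rather than the IP is what defeats the disguise: the address can claim to be the contractor, but the port it arrived on belongs to the power manager.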
The affected RPMs can come from two different channels:
Security experts agree the flaws BorderHawk uncovered could also be present in many other types of devices, including inexpensive hardware from small vendors. Similar security holes could also be present in other types of connected equipment, including industrial control systems and the new wave of Internet of Things (IoT) devices.
The way technology vendors are sourcing and building their products is the main cause of the problem, as those vendors are relying more and more on a complex network of manufacturers and suppliers who operate with little or no oversight and quality control.
These issues could be avoided if the supply chain for electronics were examined as closely as the supply chain for food. Vendors need to regain control of their quality assurance, and customers need to be more conscious of the products installed in their facilities, performing the necessary quality and monitoring tests on all equipment before it goes live on their networks.