Date: 2017-06-26

Several years ago we carried out a security assessment of SCADA and ICS mobile clients. We reviewed remote HMIs, historian and MES clients, and even PLC configuration and programming applications for your Android smartphone. The results were a little scary: of all the apps reviewed, only one(!) was free of major security flaws. At that time a mobile SCADA client was something of a caprice; now, with the spread of IoT, which has reached even ICS infrastructures, more and more vendors are creating mobile applications for their industrial software and hardware.

In this talk we take another look at the current state of mobile applications for ICS systems. One task is to compare the security of today's applications with that of previous years and see how it has changed. We will also discuss the most common vulnerabilities in such systems, focusing mainly on the risks that arise from using mobile apps in your industrial infrastructure. At the end of the talk, possible attacks on ICS infrastructure through a compromised smartphone with a mobile SCADA/whatever client will be shown, along with a discussion of whether it is SAFE to allow mobile applications to interact with your ICS infrastructure. We will also provide detailed statistics on the flaws found and on invalid security (& safety!) approaches.