WP-024-2020: The risk of using web interfaces remotely

ENCS recommends to avoid remotely managing field devices, such as RTUs, gateways, and data concentrators, through a web interface. Engineers commonly use a web interface to configure and maintain devices, as they provide easy access. But by using it they may inadvertently help to spread attacks.

Attackers can hop from one field device to many others through the engineer’s web browser. The attack would consist of two steps, explained in this whitepaper:

Physically attack one field device to insert code into the web interface
Trick the browser into making unwanted changes on other devices

This type of attack is hard to counter, as attackers have many options for each step. It can have large impact, as it scales a physical attack on one device to many other devices. Hence, ENCS recommends managing field devices through other means than web interfaces.

Download this document (ENCS members only)

Employees of ENCS members can download the document by entering their e-mail address below. A link to the document will be sent to the address.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.