Under Pressure: Security Analysis and Process Impacts of a Commercial Smart Air Compressor

TL;DR

This paper analyzes the cybersecurity vulnerabilities of a commercial smart air compressor within an industrial setting, demonstrating practical attack scenarios and emphasizing the importance of security in IIoT device design and supply chains.

Contribution

It provides a comprehensive security assessment of a real-world IIoT device, including threat modeling, attack demonstrations, and supply chain analysis, highlighting critical vulnerabilities and mitigation needs.

Findings

Identified hardcoded credentials and insecure APIs in the device

Demonstrated practical attack scenarios causing process disruption

Highlighted supply chain security risks affecting device integrity

Abstract

The integration of Industrial Internet of Things (IIoT) devices into manufacturing environments has accelerated the transition to Industry 4.0, but has also introduced new cybersecurity risks. This paper conducts a comprehensive security analysis of a commercial smart air compressor, revealing critical vulnerabilities including hardcoded credentials, unauthenticated APIs, and an insecure update mechanism. It includes a formal threat model, demonstrates practical attack scenarios in a testbed environment, and evaluates their subsequent impact on an industrial process, leading to denial of service and the corruption of critical process telemetry. In addition, an analysis of the device's supply chain reveals how product integration from multiple vendors and limited security considerations can expose a device to threats. The findings underscore the necessity of incorporating cybersecurity principles into both IIoT device design and supply chain governance to enhance resilience against emerging industrial cyber threats.