Posted: 2 Min ReadFeature Stories

BlackHat 2019: Research Finds Electric Motors Vulnerable to Hackers

As Electric Motors transform old industries, digitization also presents new challenges for security managers

Around the world, electric motors (EMs) account for more than 40 percent of annual global electricity consumption. But when any kind of hardware is dependent upon bits and bytes, the potential for mischief adds a new element of security risk to the equation.

So it is with EMs, which play an increasingly important role in moving transportation away from its dependence upon fossil fuels. 

In Germany, for instance, EMs play a central part in tests now underway of an electric highway for trucks. Similarly, former diesel-burning ferries are being retrofitted with EMs as more nations around the world transform their older fleets into hybrid-electric and fully electric ferries. And in California, state officials are preparing for a future of zero-emission transportation, complete with self-driving cars, another use case where EMs loom large in an ambitious transformation plan.

All told, the EM market is expected to reach $150 billion by 2024.

Until now, there have been no major problems reported with hackers targeting EMs to wreak havoc. But that may be only a matter of time.

In a presentation at the BlackHat 2019 security conference on Wednesday, Matthew Jablonski, a PhD student at George Mason, cautioned that EMs are vulnerable to targeted attacks which could result in physical damage and loss of life.

Jablonski shared a wide-scale analysis his research team at George Mason’s Radar and Radio Engineering Lab did of EMs and their application in real-world SCADA and transportation systems, analyzing attack techniques and success hackers had disrupting their targets.

“In any critical infrastructure system, safety has been a priority,” Jablonski said, adding that systems are designed with safeguards to react when something goes wrong.

At the same time, however, he noted that security risks are going to be different for different systems and that vulnerabilities are system-specific. As more EMs get put into use where they are digitally controlled, he painted several scenarios in which hackers could wreak havoc.

While they ranged in sophistication, the different attack scenarios presented by Jablonski spotlighted what’s likely to be a growing challenge to security managers over the next several years: How to stop hackers working on behalf of nation-states, cyber criminals or malicious insiders from attacking EMs with the goal of hindering operations or even bringing them to a complete halt.   

The types of failures they found included loss of control, wearing down components, limiting torque, over-rotating servo motors, fire, and some unintentional impacts of interfering with Pulse Width Modulation (PWM), a term for a type of digital signal. Jablonski said attack techniques run the gamut from pin-control attacks against PWM, DOS or injection network attacks to sensor attacks, and exploitation of the lack of security controls of software libraries on controllers

Symantec at Black Hat 2019
Symantec at Black Hat 2019

About the Author

Charles Cooper

Consulting Editor

Charles Cooper has covered technology and business for more than 25 years. He is now assisting Symantec with our blog writing and managing our editorial team.