Codename I11USION: Eleven Practical Ways to Pwn Browser-Based HMIs

In this white paper, Nozomi Networks Labs shares novel research on browser-based HMIs, following an examination of five devices from five high-profile vendors.

Learn about: 

  • New attack vectors enabled by the inclusion of a browser in an industrial system
  • 11 prevalent security risks, from well-known web issues like XSS to lesser-recognized improper file operation restrictions
  • How attackers can exploit these vulnerabilities to gain full control over a browser-based HMI, allowing them to both disrupt industrial processes and manipulate displays to hide malicious activities
  • Mitigations that end users, vendors and the broader community can adopt

June 11, 2024
