Monday, June 6, 2016 - Jeff Schuyler
Many of our monitoring systems use either cellular or satellite technology to transmit data from our remote sites to a computer tasked with managing the data. This use of the technology is called "machine-to-machine" or M2M, and there are many companies now offering service plans tailored for this application. Cellular bandwidth fees are pretty inexpensive, and our data requirements are pretty low compared to the average consumer. But satellite bandwidth fees are quite a bit more expensive, and restrictive in the sense that maximum usage is capped at levels much lower than cellular 'limits'. For example, a typical cellular usage plan might be something like $40 for 5GB of data a month, whereas a satellite plan might be $44 for 2MB. This simple fact taught us a valuable lesson about something that is happening on the Internet that most of us never see. It's amazing really, and it has me thinking seriously about the efficacy of connecting our infrastructure through the Internet.
The graph above shows monthly data usage at 6 sites using Galaxy Communications BGAN/M2M service. The same amount of data is collected each month from each site, yet the usage in the first two months is 3-10 times greater than in the last two months. What gives?
One word: FIREWALL. During the first two months shown on the chart there was no firewall enabled, which allowed any IP to access the modem. There was no real security vulnerability to the connected devices: the attached measurement controllers were not connected to any other infrastructure and there were no control capabilities built into them. What was really surprising was seeing, in the packet analysis, what other IPs were accessing or trying to access the modems.
It was only through the diligence and persistence of Eyasco employees that this was even discovered. It took many hours over several months poring through packet reports to determine the cause of the extra usage beyond what was anticipated for data collection. Without the firewall restricting traffic to a single IP, approximately 85% of the bandwidth usage is from "non-native" IPs. Good for the satellite company, as this resulted in "Out-of-Bundle" usage fees of over $1000.
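As an added example (not code from the original post or from Eyasco), the tally behind a figure like the 85% above can be scripted: sum bytes per remote IP from a packet report and split them into the allowed collector versus everything else. The CSV column layout, the sample addresses and the function names are assumptions; only the 2 MB plan size comes from the text.

```python
import csv
import io
import ipaddress
from collections import Counter

PLAN_CAP_BYTES = 2 * 1000 * 1000  # the 2 MB monthly plan from the text (decimal MB assumed)

# Constructed sample report; this column layout is an assumption, not a real BGAN export.
SAMPLE_REPORT = """\
timestamp,remote_ip,direction,bytes
2016-02-01T00:05:00Z,198.51.100.10,out,400000
2016-02-01T00:05:02Z,198.51.100.10,in,200000
2016-02-01T03:11:40Z,203.0.113.5,in,1200000
2016-02-01T03:11:41Z,203.0.113.5,out,800000
2016-02-02T14:20:09Z,192.0.2.44,in,1000000
2016-02-02T19:48:30Z,203.0.113.77,in,400000
2016-02-03T09:00:00Z,not-an-ip,in,999
"""

def split_usage(report_text, allowed):
    """Return (native_bytes, Counter of bytes per non-native remote IP)."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    native, foreign = 0, Counter()
    for row in csv.DictReader(io.StringIO(report_text)):
        try:
            ip = ipaddress.ip_address(row["remote_ip"].strip())
            size = int(row["bytes"])
        except (KeyError, ValueError, TypeError, AttributeError):
            continue  # skip malformed records rather than abort the tally
        if any(ip in n for n in nets):
            native += size  # traffic to or from the data-collection host
        else:
            foreign[str(ip)] += size  # both directions count against the plan
    return native, foreign

def summarize(report_text, allowed, cap=PLAN_CAP_BYTES):
    """Share of usage from non-allowed IPs, overage, and heaviest sources."""
    native, foreign = split_usage(report_text, allowed)
    non_native = sum(foreign.values())
    total = native + non_native
    return {
        "native_bytes": native,
        "non_native_bytes": non_native,
        "non_native_share": non_native / total if total else 0.0,
        "over_cap_bytes": max(0, total - cap),
        "top_sources": foreign.most_common(3),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT, ["198.51.100.10/32"]))
```

The allowlist passed to `summarize` is the same single address a modem firewall rule would permit, so the non-native total is the usage that rule would have prevented.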
It is important to point out that while this level of extra-curricular traffic is huge and costly for the satellite modems, it would probably not even be noticed on a cellular modem. The satellite modems above have monthly plans of 2Mbytes each. We have a cellular plan that includes 250Mbytes for any number of modems and we rarely go over. It takes some serious IP camera viewing or web HMI viewing to jack the costs over the limit. Even then the penalty is on the order of $50 rather than $1000.
And the conclusion seems to be that there is a significant amount of effort being expended worldwide to hack into any public-facing unprotected access point!