Related papers: Under Pressure: Security Analysis and Process Impacts of a Commercial Smart Air Compressor

Under Pressure: Security Analysis and Process Impacts of a Commercial Smart Air Compressor

URL: http://arxiv.org/abs/2510.19772v2
Date: Thu, 23 Oct 2025 17:37:33 GMT
Title: Under Pressure: Security Analysis and Process Impacts of a Commercial Smart Air Compressor
Authors: Jad Zarzour, Matthew Jablonski,
Abstract summary: The integration of Industrial Internet of Things (IIoT) devices into manufacturing environments has accelerated the transition to Industry 4.0.<n>This paper conducts a comprehensive security analysis of a commercial smart air compressor, revealing critical vulnerabilities.
Score: 0.0
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Abstract: The integration of Industrial Internet of Things (IIoT) devices into manufacturing environments has accelerated the transition to Industry 4.0, but has also introduced new cybersecurity risks. This paper conducts a comprehensive security analysis of a commercial smart air compressor, revealing critical vulnerabilities including hardcoded credentials, unauthenticated APIs, and an insecure update mechanism. It includes a formal threat model, demonstrates practical attack scenarios in a testbed environment, and evaluates their subsequent impact on an industrial process, leading to denial of service and the corruption of critical process telemetry. In addition, an analysis of the device's supply chain reveals how product integration from multiple vendors and limited security considerations can expose a device to threats. The findings underscore the necessity of incorporating cybersecurity principles into both IIoT device design and supply chain governance to enhance resilience against emerging industrial cyber threats.

Related papers

ORCA -- An Automated Threat Analysis Pipeline for O-RAN Continuous Development [57.61878484176942]
Open-Radio Access Network (O-RAN) integrates numerous software components in a cloud-like deployment, opening the radio access network to previously unconsidered security threats.<n>Current vulnerability assessment practices often rely on manual, labor-intensive, and subjective investigations, leading to inconsistencies in the threat analysis.<n>We propose an automated pipeline that leverages Natural Language Processing (NLP) to minimize human intervention and associated biases.
arXiv Detail & Related papers (2026-01-20T07:31:59Z)
CoFacS -- Simulating a Complete Factory to Study the Security of Interconnected Production [2.0766068042442174]
CoFacS is the first COmplete FACtory Simulation that replicates an entire production line and affords the integration of real-life industrial applications.<n>We show that CoFacS has a maximum deviation of 0.11% to the physical reference, which enables us to study the impact of physical attacks or network-based cyber-attacks.
arXiv Detail & Related papers (2025-08-20T08:36:55Z)
CyFence: Securing Cyber-Physical Controllers via Trusted Execution Environment [45.86654759872101]
Cyber-physical systems (CPSs) have experienced a significant technological evolution and increased connectivity, at the cost of greater exposure to cyber-attacks.<n>We propose CyFence, a novel architecture that improves the resilience of closed-loop control systems against cyber-attacks by adding a semantic check.<n>We evaluate CyFence considering a real-world application, consisting of an active braking digital controller, demonstrating that it can mitigate different types of attacks with a negligible overhead.
arXiv Detail & Related papers (2025-06-12T12:22:45Z)
Position: Mind the Gap-the Growing Disconnect Between Established Vulnerability Disclosure and AI Security [56.219994752894294]
We argue that adapting existing processes for AI security reporting is doomed to fail due to fundamental shortcomings for the distinctive characteristics of AI systems.<n>Based on our proposal to address these shortcomings, we discuss an approach to AI security reporting and how the new AI paradigm, AI agents, will further reinforce the need for specialized AI security incident reporting advancements.
arXiv Detail & Related papers (2024-12-19T13:50:26Z)
VMGuard: Reputation-Based Incentive Mechanism for Poisoning Attack Detection in Vehicular Metaverse [52.57251742991769]
vehicular Metaverse guard (VMGuard) protects vehicular Metaverse systems from data poisoning attacks.<n>VMGuard implements a reputation-based incentive mechanism to assess the trustworthiness of participating SIoT devices.<n>Our system ensures that reliable SIoT devices, previously missclassified, are not barred from participating in future rounds of the market.
arXiv Detail & Related papers (2024-12-05T17:08:20Z)
ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior.<n>These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity.<n>We introduce ACRIC, a message authentication solution to secure legacy industrial communications.
arXiv Detail & Related papers (2024-11-21T18:26:05Z)
Enhancing Enterprise Security with Zero Trust Architecture [0.0]
Zero Trust Architecture (ZTA) represents a transformative approach to modern cybersecurity. ZTA shifts the security paradigm by assuming that no user, device, or system can be trusted by default. This paper explores the key components of ZTA, such as identity and access management (IAM), micro-segmentation, continuous monitoring, and behavioral analytics.
arXiv Detail & Related papers (2024-10-23T21:53:16Z)
Interpretable Cyber Threat Detection for Enterprise Industrial Networks: A Computational Design Science Approach [1.935143126104097]
We use IS computational design science paradigm to develop a two-stage cyber threat detection system for enterprise-level IS. The first stage generates synthetic industrial network data using a modified generative adversarial network. The second stage develops a novel bidirectional gated recurrent unit and a modified attention mechanism for effective threat detection.
arXiv Detail & Related papers (2024-09-04T19:54:28Z)
Analyzing the Attack Surface and Threats of Industrial Internet of Things Devices [4.252049820202961]
The growing connectivity of industrial devices as a result of the Internet of Things is increasing the risks to Industrial Control Systems. We present a systematic and holistic procedure for analyzing the attack surface and threats of Industrial Internet of Things devices.
arXiv Detail & Related papers (2024-05-25T17:55:23Z)
Leveraging Traceability to Integrate Safety Analysis Artifacts into the Software Development Process [51.42800587382228]
Safety assurance cases (SACs) can be challenging to maintain during system evolution. We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models. We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
arXiv Detail & Related papers (2023-07-14T16:03:27Z)
A Framework for Evaluating the Cybersecurity Risk of Real World, Machine Learning Production Systems [41.470634460215564]
We develop an extension to the MulVAL attack graph generation and analysis framework to incorporate cyberattacks on ML production systems. Using the proposed extension, security practitioners can apply attack graph analysis methods in environments that include ML components.
arXiv Detail & Related papers (2021-07-05T05:58:11Z)

This list is automatically generated from the titles and abstracts of the papers in this site.