Search Engine for Security Vulnerabilities
A computer science team at Freie Universität has developed software that scans the entire Internet for security gaps.
Nov 18, 2020
In June 2010 Belarusian information technology experts discovered a new type of computer worm called Stuxnet. Apparently, it was specifically programmed to attack Siemens software that is used worldwide to control industrial plants. At the time, it particularly affected computer systems in Iran. “The incident created a new awareness of how vulnerable industrial plants can be to digital attacks,” says Volker Roth. “They can affect the manufacturing plant of a medium-sized company as well as a large power plant.”
Volker Roth is a professor of computer science at Freie Universität and heads the Secure Identity group, which studies the digital security of industrial plants, among other things. Roth and his team have developed software that is used by numerous companies to identify their own weak points in the Internet. Several doctoral students supervised by Roth have now founded their own company.
“The project came about when students spontaneously approached me after a lecture,” says Volker Roth. “They wanted to learn more about the practical aspects of information security. Influenced by Stuxnet, we decided to devote ourselves to the IT security of industrial plants.” They started a research project that got bigger and bigger over the years. Johannes Klick, who now heads Alpha Strike Labs, was involved from the beginning. “First of all, we wanted to assess the extent of the threat,” he said. “But there were no reliable data. So, we decided to build our own scanner.”
Program Checks IP Addresses for Possible Points of Attack
As part of his master’s thesis, Klick developed the prototype for a program that searches the Internet for security vulnerabilities. Later, as a doctoral student, he developed the software further. Computer scientists Jan-Ole Malchow, Daniel Marzin, and Stephan Lau were also involved. As part of a project funded by the German Federal Ministry of Education and Research, the Secure Identity Group was able to spend around one milllion euros on research into the security of industrial plants. The insurance group Münchner Rück was also one of the project partners. When the funds ran out in 2018, Klick and his colleagues decided to start a company.
Johannes Klick compares the way the program works with the well-known Google car that photographs streets around the world for the Google Maps platform. “Our scanner moves through the Internet with a large number of IP addresses and takes photos,” he says. “We can then spot at which house a door was accidentally left open.” This creates a huge database with possible points of attack. Companies are allowed to use it for a fee. Using a specially developed search engine, they can find their own weak points.
The software belongs to Freie Universität. Alpha Strike Labs is a licensee. Alpha Strike Labs has refined the program so that it is easy for businesses to use. “The program often reveals a much larger vulnerability than the company is aware of,” says Klick
Companies usually check the security of their information technology using penetration tests, whereby cyber security providers simulate a hacker attack in order to identify possible weak points. “One weakness of these tests is that only addresses are attacked that the company knows about,” says Klick. There are often a large number of other possible points of access. Klick points out that sometimes employees use a cloud service without the IT security department being aware of it, or a webserver was forgotten because the person responsible for it retired. Access to critical company systems can sometimes be obtained via supplier networks.
Security Gaps in German Coal-fired Power Plants and in Hospitals
“On the way to Industry 4.0, the issue of cybersecurity in industrial plants is becoming more and more important,” says Volker Roth and continues, “Critical infrastructures that keep our society alive need to be protected better.” Johannes Klick reports that the software regularly uncovers security gaps, in German coal-fired power plants as well as in hospitals, including during the ongoing coronavirus pandemic. He says, “The major weak points are outdated operating systems and web applications as well as insecure remote maintenance services. Sometimes software is in use that has not been updated for years.” In those cases, users are helpless against the attackers’ new methods.
Alpha Strike Labs reports serious security gaps in system-relevant infrastructures to the German Federal Office for Information Security (BSI), which takes appropriate steps. For security reasons, the company does not offer its service to private individuals, but only to verified companies within the European Union and NATO. “We work in a highly sensitive area,” says Klick, “and we are aware of our responsibility.”
This text originally appeared in German on October 4, 2020, in the Tagesspiegel newspaper supplement published by Freie Universität.
Professor Dr.-Ing. Volker Roth, Freie Universität Berlin, Institute of Computer Science, Secure Identity Group, Email: volker.roth - at - fu-berlin.de