Seismic monitoring devices connected to the Internet are vulnerable to cyberattacks that could disrupt data collection and processing. Unencrypted data, insecure protocols and poor user authentication mechanisms are among of the biggest problems that make seismological networks vulnerable to hacks, said Michael Samios of the National Observatory of Athens.

Modern seismic stations are now implemented as IoT stations with physical devices that connect and exchange data with other devices and systems over the Internet. Experts have found a number of problems during experimental attacks on seismographs, accelerographs and satellite navigation system (GNSS) receivers from various manufacturers.

Exploitation of vulnerabilities allows attackers to alter geophysical data, slow down the transmission and processing of information, or produce false alarms in earthquake early warning systems, as a result of which the public lose trust in seismic monitoring and can potentially affect emergency and economic measures.

As part of the experiments, the research team was also able to intercept seismological data transferred through the SeedLink data transmission service used by many seismologists. SeedLink may lack some of the necessary encryption and authentication protocols to keep data safe, Samios said.

Source: securitylab.ru