{"id":1243,"date":"2023-05-28T12:09:54","date_gmt":"2023-05-28T09:09:54","guid":{"rendered":"https:\/\/zerontek.com\/zt\/?p=1243"},"modified":"2023-05-28T12:09:54","modified_gmt":"2023-05-28T09:09:54","slug":"ot-hunt-inhand-industrial-router","status":"publish","type":"post","link":"https:\/\/zerontek.com\/zt\/2023\/05\/28\/ot-hunt-inhand-industrial-router\/","title":{"rendered":"OT Hunt: InHand industrial router"},"content":{"rendered":"\n<p>This is the 6th topic of \u201c<a rel=\"noreferrer noopener\" href=\"https:\/\/zerontek.com\/zt\/category\/ot-hunt\/\" target=\"_blank\">OT Hunt<\/a>\u201d. These topics expose ICS\/OT devices that are connected to the internet. The goal is to build awareness in the ICS community. This kind of research is also a warning message for asset owners and ICS\/OT vendors to secure their assets\u2019 attack surfaces.<\/p>\n\n\n\n<p>In this article, I will target iIoT devices. The targeted vendor is <a href=\"https:\/\/www.inhandnetworks.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">InHand Networks<\/a>. InHand Networks is a company that specializes in industrial IoT solutions. In this article, I will focus on routers: InRouter 615 (IR615) and InRouter 302 (IR302). 
InHand industrial routers are designed to enable secure and reliable connectivity for industrial applications, facilitating data exchange, monitoring, and control in industrial environments.<\/p>\n\n\n\n<p>I used the following keywords\/dorks to search for IR615 and IR302, respectively, on the Shodan search engine. Please check out my <a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/selmux\/ICS-Security\/blob\/main\/ICS-OT-iIoT%20dorks\/iIoT\/iIoT%20vendors-shodan\" target=\"_blank\">ICS-OT-iIoT dorks project<\/a> on GitHub:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>http.html:\"IR615\"\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>http.html:\"IR302\"<\/code><\/pre>\n\n\n\n<p>The search for IR615 yielded 23 devices, most of which are located in China. The devices have web servers for managing settings and controlling the system. The common port for IR615 is:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>8899 TCP<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/ir615.jpg\" alt=\"\" class=\"wp-image-1257\" width=\"226\" height=\"163\" srcset=\"https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/ir615.jpg 903w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/ir615-300x216.jpg 300w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/ir615-768x553.jpg 768w\" sizes=\"auto, (max-width: 226px) 100vw, 226px\" \/><\/figure>\n\n\n\n<p>IR302 yielded 21 results. They also have web interfaces. 
The common port for IR302 is:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>80 TCP<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/ir302.jpg\" alt=\"\" class=\"wp-image-1260\" width=\"228\" height=\"144\" srcset=\"https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/ir302.jpg 913w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/ir302-300x189.jpg 300w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/ir302-768x484.jpg 768w\" sizes=\"auto, (max-width: 228px) 100vw, 228px\" \/><\/figure>\n\n\n\n<p>Both IR302 and IR615 suffer from security issues: their web interfaces don&#8217;t support SSL encryption. There is no &#8220;login lock&#8221; feature. They also have default credentials:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>adm:123456<\/code><\/pre>\n\n\n\n<p>Research by <a href=\"https:\/\/www.otorio.com\/blog\/13-vulnerabilities-discovered-in-a-widely-used-industrial-router\/\" target=\"_blank\" rel=\"noreferrer noopener\">OTORIO<\/a> discovered 13 severe vulnerabilities in those products. An attacker can exploit InHand\u2019s cloud-based products, which can open possibilities to reach HMIs and PLCs. 
<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"717\" src=\"https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/inland-v-1024x717.jpg\" alt=\"\" class=\"wp-image-1262\" srcset=\"https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/inland-v-1024x717.jpg 1024w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/inland-v-300x210.jpg 300w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/inland-v-768x538.jpg 768w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/inland-v-1536x1076.jpg 1536w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2023\/05\/inland-v.jpg 1623w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">References:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/thehackernews.com\/2023\/02\/critical-infrastructure-at-risk-from.html\">https:\/\/thehackernews.com\/2023\/02\/critical-infrastructure-at-risk-from.html<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/thehackernews.com\/2023\/01\/cisa-warns-for-flaws-affecting.html\">https:\/\/thehackernews.com\/2023\/01\/cisa-warns-for-flaws-affecting.html<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>This is the 6th topic of \u201cOT Hunt\u201d. These topics expose ICS\/OT devices that are connected to the internet. The goal is to build awareness in the ICS community. This kind of research is also a warning message for asset owners and ICS\/OT vendors to secure their assets\u2019 attack surfaces. 
In this article, I [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[170,4,3,149,150,203,81,168,48,207,5],"tags":[7,13,6,209,208,206,205,12,47,20,27],"class_list":["post-1243","post","type-post","status-publish","format-standard","hentry","category-attack-surface","category-cyber-security","category-ics-security","category-iiot","category-industry-4-0","category-inhand","category-osint","category-ot-hunt","category-ot-security","category-router","category-vendors","tag-cyber-security","tag-ics","tag-ics-security","tag-inrouter-302","tag-inrouter-615","tag-ir302","tag-ir615","tag-ot","tag-ot-security","tag-shodan","tag-zerontek"],"_links":{"self":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/1243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/comments?post=1243"}],"version-history":[{"count":31,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/1243\/revisions"}],"predecessor-version":[{"id":1277,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/1243\/revisions\/1277"}],"wp:attachment":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/media?parent=1243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/categories?post=1243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/tags?post=1243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}