"Tests Reveal Cybersecurity Vulnerabilities of Common Seismological Equipment"
A new study by Michael Samios of the National Observatory of Athens and his colleagues highlights the cybersecurity vulnerabilities of internet-connected seismic equipment, used to detect and record earthquakes. Common security issues associated with such equipment include non-encrypted data, insecure protocols, and inadequate user authentication mechanisms. These issues leave seismological networks vulnerable to security breaches. Modern seismic stations are being implemented as Internet-of-Things (IoT) stations, consisting of physical devices that connect with other devices and transfer data via the Internet. The researchers tested attacks on various brands of seismographs, accelerographs, and (Global Navigation Satellite System) receivers. Samios and his colleagues demonstrated the launch of Denial-of-Service (DoS) attacks against the devices. The DoS attacks led to the unavailability of devices and enabled the recovery of usernames and passwords. Through these attacks, they identified threats to the equipment that are commonly found in IoT devices. The exploitation of vulnerabilities in seismic monitoring devices could allow malicious actors to alter geographical data, slow down the transmission of data, produce false alarms in earthquake early warning systems, and more. These attacks have the potential to damage public trust and to impact emergency and economic responses to a seismic event. This article continues to discuss the new study and its findings on the vulnerability of seismological equipment to cyberattacks, and what could be done to improve the security of this equipment.