Saved in:
Bibliographic Details
Main Authors: Zarzour, Jad, Jablonski, Matthew
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2510.19772
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866915572047937536
author Zarzour, Jad
Jablonski, Matthew
author_facet Zarzour, Jad
Jablonski, Matthew
contents The integration of Industrial Internet of Things (IIoT) devices into manufacturing environments has accelerated the transition to Industry 4.0, but has also introduced new cybersecurity risks. This paper conducts a comprehensive security analysis of a commercial smart air compressor, revealing critical vulnerabilities including hardcoded credentials, unauthenticated APIs, and an insecure update mechanism. It includes a formal threat model, demonstrates practical attack scenarios in a testbed environment, and evaluates their subsequent impact on an industrial process, leading to denial of service and the corruption of critical process telemetry. In addition, an analysis of the device's supply chain reveals how product integration from multiple vendors and limited security considerations can expose a device to threats. The findings underscore the necessity of incorporating cybersecurity principles into both IIoT device design and supply chain governance to enhance resilience against emerging industrial cyber threats.
format Preprint
id arxiv_https___arxiv_org_abs_2510_19772
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Under Pressure: Security Analysis and Process Impacts of a Commercial Smart Air Compressor
Zarzour, Jad
Jablonski, Matthew
Cryptography and Security
The integration of Industrial Internet of Things (IIoT) devices into manufacturing environments has accelerated the transition to Industry 4.0, but has also introduced new cybersecurity risks. This paper conducts a comprehensive security analysis of a commercial smart air compressor, revealing critical vulnerabilities including hardcoded credentials, unauthenticated APIs, and an insecure update mechanism. It includes a formal threat model, demonstrates practical attack scenarios in a testbed environment, and evaluates their subsequent impact on an industrial process, leading to denial of service and the corruption of critical process telemetry. In addition, an analysis of the device's supply chain reveals how product integration from multiple vendors and limited security considerations can expose a device to threats. The findings underscore the necessity of incorporating cybersecurity principles into both IIoT device design and supply chain governance to enhance resilience against emerging industrial cyber threats.
title Under Pressure: Security Analysis and Process Impacts of a Commercial Smart Air Compressor
topic Cryptography and Security
url https://arxiv.org/abs/2510.19772