SCADAmobile for iPhone

November 25, 2009

I just came across this iPhone App (ScadaMobile) from SweetWilliam Automation. (Company Website)

The app description states that the product can monitor (display and change) PLC variables (tags) through local or remote wireless access.
ScadaMobile Interface

The manual, which can be downloaded here, describes how the app accesses the PLCs over the Internet.

“ScadaMobile is designed to communicate with PLCs without using dedicated servers or any specific software installed on a PC.

ScadaMobile communicates with OMRON PLC by sending FINS protocol commands. To establish a remote connection, a GPRS or ADSL router is needed at the PLC site, which will act as a bridge between the PLC LAN (Local Network) and the WWAN or WAN (Internet) to which a remote iPhone or iPod Touch will have access to.” (Source: Section 4.1 in the Manual)
ScadaMobile Connectivity

As for security, the product seems to support VPN (L2TP/IPsec) as well as TLS/SSL, in addition to a PLC-stored password mechanism.

The password is stored in the PLC data memory address D19998 as a 16-bit hexadecimal value (0 to FFFF), and the password entered on your iPhone must match it.
PLC Validation Password

My Comments:

– Apart from the validation code, all the network security controls are “optional”
– No password complexity requirements
– I couldn’t find anything about how the password is stored on the iPhone, but my guess is that it’s not encrypted. I guess I will try to find this out myself and will keep you posted.

It seems that there are many more remote access apps on the way and I would love to see independent code-security reviews on each and every one.

Finally, there are two versions of the app: ScadaMobile Lite for 3.0 $, with limitations on the number of processes, and the full version for 74.0 $.

  1. Joan
    December 16, 2009 at 9:40 pm

    Just to clarify the password concern: From ScadaMobile Version 1.1, the validation code that ScadaMobile uses to verify PLCs is encrypted using an irreversible encryption algorithm before it is stored to the iPhone flash disk.

    “Irreversible encryption is a cryptographic process that transforms data deterministically to a form from which the original data cannot be recovered, even by those who have full knowledge of the method of encryption. The process may be used to protect stored passwords in a system where the password offered is first encrypted before it is matched against the stored encrypted password. Illegal access to the stored password therefore does not permit access to the system.”

    ScadaMobile Team.
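Added example, not ScadaMobile's code: the store-then-match scheme quoted in the comment above, applied to the 16-bit validation code described in the post. Salted SHA-256 is an assumed stand-in because the page does not name the app's algorithm, and the salt and code values are constructed. It shows that a one-way digest protects the stored code only as far as the 65,536-value input space allows, so the optional VPN/TLS layers carry most of the protection.

```python
import hashlib
import hmac
import math
import time

CODE_SPACE = 0x10000  # 16-bit validation code, 0x0000..0xFFFF, as stated in the post


def one_way(code, salt):
    """Stand-in one-way transform (salted SHA-256); an assumption, not the app's algorithm."""
    if not 0 <= code < CODE_SPACE:
        raise ValueError("validation code must fit in 16 bits")
    return hashlib.sha256(salt + code.to_bytes(2, "big")).digest()


def verify(offered, salt, stored):
    """Transform the offered code and match it against the stored digest."""
    return hmac.compare_digest(one_way(offered, salt), stored)


def codes_consistent_with(salt, stored):
    """Storage audit: list every 16-bit code whose digest equals the stored value."""
    return [c for c in range(CODE_SPACE) if verify(c, salt, stored)]


def space_bits(space):
    """Size of a secret's input space, expressed in bits."""
    return math.log2(space)


if __name__ == "__main__":
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt
    stored = one_way(0xBEEF, salt)                            # constructed sample code

    start = time.perf_counter()
    matches = codes_consistent_with(salt, stored)
    elapsed = time.perf_counter() - start

    print("input space: %d values (%.0f bits)" % (CODE_SPACE, space_bits(CODE_SPACE)))
    print("codes matching the stored digest: %s" % [hex(c) for c in matches])
    print("full-space check took %.3f s" % elapsed)
    # For comparison, a 12-character mixed-case alphanumeric secret:
    print("12-char alphanumeric space: %.1f bits" % space_bits(62 ** 12))
```

The irreversibility in the quoted definition holds for the transform itself; the limit here comes from the size of the secret, which is why a longer secret or a mandatory encrypted tunnel changes the picture and a different hash does not.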
