Series 9 – Episode 5 – Mitigating the security risks for electronic shelf labels
Paige West talks with Steffen Robertz, a Security Consultant at SEC Consult, about electronic shelf labels (ESL) and mitigating their security risks.
SEC Consult is an IT security consultancy that offers security audits for pretty much every industry that needs to be pen tested. Penetration testing is a method for identifying risks present on a specific operational system.
An ESL tag is usually a small device that consists mostly of a display on the front and a battery that’s supposed to last years. Normally, they will have some sort of wireless communication that can be used to refresh whatever information is on display. A lot of times, ESL tags are used in supermarkets.
Since ESLs are deployed in an open environment, they are susceptible to many attacks that threaten the wireless operation. Robertz highlights some of the consequences of this: “We could obstruct the retailer by displaying fake prices to confuse people. People would get annoyed at the store and move on to a different one. You could also potentially blackmail the retailer.
“Another option would be to display a QR code, for example, for a new sale item or a discount coupon and deploy a phishing site behind that to gather people’s personal information and passwords. People would trust the source because it’s being displayed in the store.”
SEC Consult help to detect vulnerabilities before they are exploited. “The main thing here is to have us integrated pretty much in the design process of the electronics and have them tested at every development stage.”
Robertz focuses on retrieving and reverse engineering firmware in order to find vulnerabilities. He’s analysed a 433 MHz connection of a popular ESL tag and identified multiple security flaws. He was even able to discover the original manufacturer of the E-Tag labelled microcontrollers.
Robertz goes on to speak about how someone can go about assessing an IoT device for security vulnerabilities without any prior known research, and why protection must improve as developers and consumers become more conscious of the privacy and safety of IoT devices.