Stealth Low-Level Manipulation of Programmable Logic Controllers I/O by Pin Control Exploitation

Abbasi, Ali; Hashemi, Majid; Zambon, Emmanuele; Etalle, Sandro

doi:10.1007/978-3-319-71368-7_1

Cited by 11 publications

(16 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This reflects both the large number of "low-hanging fruit" vulnerabilities, and an increased interest from attackers towards the disruption of industrial processes. To date, research efforts have predominately focused on real-time operating systems, firmware vulnerabilities, industrial protocols, and bypassing traditional security controls ( Abbasi et al, 2016 ;Biham et al, 2019 ;Drias et al, 2015 ;Nochvay, 2019 ;Wardak et al, 2016 ).…”

Section: Related Workmentioning

confidence: 99%

PCaaD: Towards automated determination and exploitation of industrial systems

Green

Derbyshire

Krotofil

et al. 2021

Computers & Security

View full text Add to dashboard Cite

Over the last decade, Programmable Logic Controllers (PLCs) have been increasingly targeted by attackers to obtain control over industrial processes that support critical services. Such targeted attacks typically require detailed knowledge of system-specific attributes, including hardware configurations, adopted protocols, and PLC control-logic, i.e., process comprehension. The consensus from both academics and practitioners suggests stealthy process comprehension obtained from a PLC alone, to execute targeted attacks, is impractical. In contrast, we assert that current PLC programming practices open the door to a new vulnerability class, affording attackers an increased level of process comprehension. To support this, we propose the concept of Process Comprehension at a Distance (PCaaD), as a novel methodological and automatable approach towards the system-agnostic identification of PLC library functions. This leads to the targeted exfiltration of operational data, manipulation of control-logic behavior, and establishment of covert command and control channels through unused memory. We validate PCaaD on widely used PLCs through its practical application.

show abstract

Section: Related Workmentioning

confidence: 99%

PCaaD: Towards automated determination and exploitation of industrial systems

Green

Derbyshire

Krotofil

et al. 2021

Computers & Security

View full text Add to dashboard Cite

show abstract

Section: Related Workmentioning

confidence: 99%

PCaaD: Towards Automated Determination and Exploitation of Industrial Processes

Green,

Knowles,

Krotofil

et al. 2021

Preprint

View full text Add to dashboard Cite

Over the last decade, Programmable Logic Controllers (PLCs) have been increasingly targeted by attackers to obtain control over industrial processes that support critical services. Such targeted attacks typically require detailed knowledge of system-specific attributes, including hardware configurations, adopted protocols, and PLC control-logic, i.e. process comprehension. The consensus from both academics and practitioners suggests stealthy process comprehension obtained from a PLC alone, to conduct targeted attacks, is impractical. In contrast, we assert that current PLC programming practices open the door to a new vulnerability class based on control-logic constructs. To support this, we propose the concept of Process Comprehension at a Distance (PCaaD), as a novel methodological and automatable approach for systemagnostic exploitation of PLC library functions, leading to the targeted exfiltration of operational data, manipulation of control-logic behavior, and establishment of covert command and control channels through unused memory. We validate PCaaD on widely used PLCs, by identification of practical attacks.

show abstract

“…Industrial control systems are often controlled by programmable logic controllers due to their modular input/output (I/O) options and ability to operate in harsh environments. Programmable logic controllers typically have minimalized operating systems and often no security software, which render them vulnerable to cyber attacks, such as the Stuxnet computer worm or via the manipulation of controller I/O pins as described in [1]. Potential ways to influence I/O pin values are via configuration manipulation attacks, control-flow attacks and code manipulation attacks.…”

Section: Background and Literature Reviewmentioning

confidence: 99%

“…Potential ways to influence I/O pin values are via configuration manipulation attacks, control-flow attacks and code manipulation attacks. The manipulation of I/O pins, called a pin control attack [1], involves reconfiguring pin assignments so that output pins are changed to input pins, and vice versa.…”

Section: Background and Literature Reviewmentioning

confidence: 99%

Cyber Security Modeling of Non-Critical Nuclear Power Plant Digital Instrumentation

MacLean¹,

Borrelli²,

Haney³

2019

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

This chapter examines potential attack vectors that exist in a nuclear power plant and correlates the likelihood of an attack from each vector. The focus is on the boron monitoring system, which directly affects the reactivity in the core; cyber attacks on this system can lead to increased core wear, unsafe reactivity levels and poor power performance. A mockup model is developed using open-source software and hardware, which is tested to evaluate the potential of cyber attacks. A man-inthe-middle attack is implemented to demonstrate a cyber attack and its potential effects. Additionally, a redundancy-based cyber attack mitigation method is implemented using a hardware device that compares the input/output values of multiple programmable logic controllers. The approach for modeling general attack and defense steps is applicable to industrial control systems in the energy sector.

show abstract

Stealth Low-Level Manipulation of Programmable Logic Controllers I/O by Pin Control Exploitation

Cited by 11 publications

References 12 publications

PCaaD: Towards automated determination and exploitation of industrial systems

PCaaD: Towards automated determination and exploitation of industrial systems

PCaaD: Towards Automated Determination and Exploitation of Industrial Processes

Cyber Security Modeling of Non-Critical Nuclear Power Plant Digital Instrumentation

Contact Info

Product

Resources

About