back

Switches Get Stitches

Industrial System Ownership

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:58:23
Language
English
Abstract
This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. It is a very good companion talk to Damn Vulnerable Chemical Process? Own your own critical infrastructures today!

This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches.

The researchers focus on attacking the management plane of these switches, because we all know that industrial system protocols lack authentication or cryptographic integrity. Thus, compromising any switch allows the creation of malicious firmwares for further MITM manipulation of a live process.

Not only will vulnerabilities be disclosed for the first time (exclusively at 31C3), but the methods of finding those vulnerabilities will be shared. All vulnerabilities disclosed will be in the default configuration state of the devices. While these vulnerabilities have been responsibly disclosed to the vendors, SCADA/ICS patching in live environments tends to take 1-3 years. At least three vendors switches will be examined: Siemens, GE, Garrettcom.

Therefore, this presentation matters to any hackers or anarchists, who believe they have a right to examine the resilience and security of the infrastructures that support their communities.

Own your own critical infrastructures today!

Talk ID
6196
Event:
31c3
Day
2
Room
Saal 1
Start
11:30 a.m.
Duration
01:00:00
Track
Security & Hacking
Type of
lecture
Speaker
Eireann Leverett
Talk Slug & media link
31c3_-_6196_-_en_-_saal_1_-_201412281130_-_switches_get_stitches_-_eireann_leverett

Talk & Speaker speed statistics

Very rough underestimation:
171.5 wpm
919.6 spm
173.0 wpm
924.3 spm
100.0% Checking done100.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%
  

Work on this video on Amara!

Talk & Speaker speed statistics with word clouds

Whole talk:
171.5 wpm
919.6 spm
Eireann Leverett:
173.0 wpm
924.3 spm