back

SCADA - Gateway to (s)hell

Hacking industrial control gateways

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:45:07
Language
English
Abstract
Small gateways connect all kinds of fieldbusses to IP systems. This talk will look at the (in)security of those gateways, starting with simple vulnerabilities, and then deep diving into reverse-engineering the firmware and breaking the encryption of firmware upgrades. The found vulnerabilities will then be demonstrated live on a portable SCADA system.

Companies often utilize small gateway devices to connect the different field-busses used in industrial control systems (such as Modbus, RS232 etc) to TCP/IP networks. Under the hood, these devices are mostly comprised of ARM-based mini computers, running either custom, tiny operating systems or uClinux/Linux. The talk will look at the security aspects of these gateways by examining known and unfixed vulnerabilities like unchangeable default credentials, protocols that do not support authentication, and reverse engineering and breaking the encryption of firmware upgrades of certain gateways.

The talk will consist of a theoretical part, an introduction on how to reverse-engineer and find vulnerabilities in a firmware-blob of unknown format, and a practical part, showcasing a live ICS environment that utilizes gateways, from both the IP and the field-bus side, to pivot through an industrial control system environment: Demonstrating how to potentially pivot from a station in the field up to the SCADA headquarters, permanently modifying the firmware of the gateways on the way.

Talk ID
8956
Event:
34c3
Day
4
Room
Saal Dijkstra
Start
4:30 p.m.
Duration
01:00:00
Track
Security
Type of
lecture
Speaker
stacksmashing
Talk Slug & media link
34c3-8956-scada_-_gateway_to_s_hell

Talk & Speaker speed statistics

Very rough underestimation:
138.3 wpm
765.9 spm
100.0% Checking done100.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%
  

Work on this video on Amara!

Talk & Speaker speed statistics with word clouds

Whole talk:
138.3 wpm
765.9 spm
devicedevicesfirmwarebasicallymicinternetexamplequestiontimesecurityindustrialapplauseserialwebfindsmallcontroltalkbuyuhguessstartcalledmoxapasswordcrossummicrophonesysteminterestinglaughterlookedsupportcodestackarmsecureprotocolsitescriptinglinuxsignalangelnumberscadabigtonconnectwaterstuff