TAU and Technion Researchers Wrest Control of One of World's Most Secure PLCs
Thursday, August 08, 2019 2:00:00 PM

Rogue engineering station instigated "hostile intervention" of Siemens programmable logic controller that runs industrial processes

Cybersecurity researchers at Tel Aviv University and the Technion Institute of Technology have discovered critical vulnerabilities in the Siemens S7 Simatic programmable logic controller (PLC), one of the world's most secure PLCs used to run industrial processes.

Prof. Avishai Wool and M.Sc student Uriel Malin of TAU's School of Electrical Engineering worked together with Prof. Eli Biham and Dr. Sara Bitan of the Technion to disrupt the PLC's functions and gain control of its operations.

The team is slated to present their findings at Black Hat USA week in Las Vegas this month, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7.

The scientists' rogue engineering workstation posed as a so-called TIA engineering station that interfaced with the Simatic S7-1500 PLC controlling the industrial system. "The station was able to remotely start and stop the PLC via the commandeered Siemens communications architecture, potentially wreaking havoc on an industrial process," Prof. Wool explains. "We were then able to wrest the controls from the TIA and surreptitiously download rogue command logic to the S7-1500 PLC."

The researchers hid the rogue code so that a process engineer could not see it. If the engineer were to examine the code from the PLC, he or she would see only the legitimate PLC source code, unaware of the malicious code running in the background and issuing rogue commands to the PLC.

The research combined deep-dive studies of the Siemens technology by teams at both the Technion and TAU.

Their findings demonstrate how a sophisticated attacker can abuse Siemens' newest generation of industrial controllers that were built with more advanced security features and supposedly more secure communication protocols.

Siemens doubled down on industrial control system (ICS) security in the aftermath of the Stuxnet attack in 2010, in which its controllers were targeted in a sophisticated attack that ultimately sabotaged centrifuges in the Natanz nuclear facility in Iran.

"This was a complex challenge because of the improvements that Siemens had introduced in newer versions of Simatic controllers," adds Prof. Biham. "Our success is linked to our vast experience in analyzing and securing controllers and integrating our in-depth knowledge into several areas: systems understanding, reverse engineering, and cryptography."

Dr. Bitan noted that the attack emphasizes the need for investment by both manufacturers and customers in the security of industrial control systems. "The attack shows that securing industrial control systems is a more difficult and challenging task than securing information systems," she concludes.

Following the best practices of responsible disclosure, the research findings were shared with Siemens well in advance of the scheduled Black Hat USA presentation, allowing the manufacturer to prepare.




© 2019 American Friends of Tel Aviv University