hackers getting closer to things we care about ...

To add to Ron's post. I received the Schneider Electric Advisory 2017038abi (ADV288) email. One of the important statements in the email was that the malware would only be able to deliver its payload if the controller's keyswitch was in the "Program" mode.
 
I'm not sure what makes this a watershed event. Wasn't it just last year that some guys got control of a treatment plant and diddled with the amount of chlorine being injected into the water?

And while I have fond memories of my time at Schneider, this comes as no surprise. I told them back in 2011 that they were headed for disaster due to something that I saw. Turns out that six months later I was proven right.

Then there was the hard-coded password in one of their products, and the instruction manual showing what the password was. Anybody up for a discount on their utility bill this month? :)

And there was the whole Stuxnet thing...


And there's this:

http://www.plctalk.net/qanda/showthread.php?t=90963
 
I thought Stuxnet was the watershed event.

BTW, Stuxnet doesn't require the internet to do its work. Which is a point of contention whenever I get into this type of discussion. I contend there's no true air-gapped system.
 
I'm dense. I went through the slide deck on the CyberX "air-gap" hack and still failed to see how they modified the ladder. Are they saying by inducing some kind of EMF they change the logic? If so, the part on how is still very fuzzy to me.
 

Yes, all they've done in the video is access the web server of the PLC. At least this is very impressive, but modifying running code of the PLC is a completely different level.

The password protection of the 1200/1500 PLCs (if you use it) is very effective and uses current cryptographic methods (compared to those in the S7-300/400 series).
And synchronizing to PLC code execution may work under laboratory conditions, but in the real world, where HMI communication interrupts the PLC cycle when it's needed, I doubt that this will work so easily.
 

The cyberX presentation is all about getting data OUT of the PLC without an internet connection. It's assuming you have some other way of getting your changes into the PLC.

From what I read in the presentation, the PLC seems to send a strong EMF signal at some frequency at the beginning of the scan. By executing a huge memory copy, it made the scan longer, thus allowing them to read a 1 or a 0.
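To make the mechanism described in the post above concrete, here is a small simulation of a scan-time covert channel. This is an added example written for this thread; it is not code from the CyberX presentation, and everything in it (the scan time, the extra time the memory copy costs, the HMI delay, and the idea of modelling HMI traffic as a periodic interruption) is an assumption. The sender is a PLC that runs a large memory copy on scans where it wants to emit a 1, and the receiver only sees how long each scan took. It also shows the objection raised earlier in the thread: an HMI request that lengthens a scan looks exactly like a 1 bit, so a naive one-scan-per-bit decoder misreads the message, while sending each bit over several scans and decoding on the shortest scan in the group survives it.

```python
# Added example (not from the thread or from CyberX): simulated scan-time
# covert channel. Every constant below is an assumption for illustration.
import random

BASE_SCAN_MS = 10.0      # assumed nominal PLC scan time
COPY_PENALTY_MS = 6.0    # assumed extra scan time when the "huge memory copy" runs
HMI_INTERRUPT_MS = 8.0   # assumed delay when an HMI request pre-empts the cycle
THRESHOLD_MS = BASE_SCAN_MS + COPY_PENALTY_MS / 2   # receiver's 0/1 decision point


def to_bits(data):
    """MSB-first bits of a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits):
    """Inverse of to_bits; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        value = 0
        for b in bits[i:i + 8]:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)


def scan_durations(bits, rng, hmi_period=0):
    """Simulated PLC: one scan per bit. A 1 bit runs the memory copy and so
    lengthens the scan; every hmi_period-th scan is additionally lengthened
    by an HMI request (hmi_period=0 means no HMI traffic at all)."""
    durations = []
    for index, bit in enumerate(bits):
        t = BASE_SCAN_MS + rng.uniform(-0.5, 0.5)   # ordinary scan jitter
        if bit:
            t += COPY_PENALTY_MS
        if hmi_period and index % hmi_period == hmi_period - 1:
            t += HMI_INTERRUPT_MS
        durations.append(t)
    return durations


def transmit(data, rng, repeat=1, hmi_period=0):
    """Sender: each payload bit is held for `repeat` consecutive scans."""
    bits = [b for b in to_bits(data) for _ in range(repeat)]
    return scan_durations(bits, rng, hmi_period)


def receive(durations, repeat=1):
    """Receiver: sees only scan timing. HMI interruptions can only make a
    scan longer, so the shortest scan in each repetition group is the most
    trustworthy sample; decode on the minimum, not a majority vote."""
    bits = []
    for i in range(0, len(durations), repeat):
        group = durations[i:i + repeat]
        bits.append(1 if min(group) > THRESHOLD_MS else 0)
    return from_bits(bits)


def bit_error_rate(sent, received):
    """Fraction of payload bits the receiver got wrong."""
    a, b = to_bits(sent), to_bits(received)
    errors = sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))
    return errors / max(len(a), 1)


def demo(message=b"Hi", seed=1):
    """Same message sent twice under HMI load (an interrupt every 4th scan):
    once with one scan per bit, once with three scans per bit.
    Returns (naive_result, robust_result)."""
    rng = random.Random(seed)
    naive = receive(transmit(message, rng, repeat=1, hmi_period=4), repeat=1)
    rng = random.Random(seed)
    robust = receive(transmit(message, rng, repeat=3, hmi_period=4), repeat=3)
    return naive, robust


if __name__ == "__main__":
    sent = b"Hi"
    naive, robust = demo(sent)
    print("one scan per bit   :", naive, "BER", bit_error_rate(sent, naive))
    print("three scans per bit:", robust, "BER", bit_error_rate(sent, robust))
```

The repetition period (3) is deliberately shorter than the assumed HMI polling period (4), so no group of samples can be hit by more than one interruption; in a real plant neither number is known in advance, which is the practical point the earlier post makes about synchronizing to the scan.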
 
Friends of mine have worked on various defence department projects over the years. One particular one comes to mind where they were required to use transparent conduit with single cable runs and a 1000mm separation between the conduits/cables..... Because inductive coupling is a thing, and apparently a great way to steal information.
 
That makes more sense. I heard on a reputable podcast once that a group successfully "read" data just by capturing the activity light of the hard drive.
 
