Switches Get Stitches: Industrial System Ownership

Presented at 31C3 (2014), Dec. 28, 2014, 11:30 a.m. (60 minutes)

This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. It is a very good companion talk to Damn Vulnerable Chemical Process? Own your own critical infrastructures today! This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. The researchers focus on attacking the management plane of these switches, because we all know that industrial system protocols lack authentication or cryptographic integrity. Thus, compromising any switch allows the creation of malicious firmwares for further MITM manipulation of a live process. Not only will vulnerabilities be disclosed for the first time (exclusively at 31C3), but the methods of finding those vulnerabilities will be shared. All vulnerabilities disclosed will be in the default configuration state of the devices. While these vulnerabilities have been responsibly disclosed to the vendors, SCADA/ICS patching in live environments tends to take 1-3 years. At least three vendors switches will be examined: Siemens, GE, Garrettcom. Therefore, this presentation matters to any hackers or anarchists, who believe they have a right to examine the resilience and security of the infrastructures that support their communities. Own your own critical infrastructures today!

Presenters:

• Éireann Leverett   as Eireann Leverett
  Eireann hates writing bios in the third person. He once placed second in an Eireann Leverett impersonation contest. He is sometimes jealous of his own moustache for being more famous than he is. Eireann Leverett has rescued thousands of industrial systems from internet exposure and vulnerability. His work with 52 incident response teams around the world, have improved the knowledge of utility workers globally. He continues to dismantle industrial systems and teach workshops to others on what to secure in process control environments. He is an advisor to ENISA, a member of a few programming committees, and graduate of Cambridge university. He has worked as a developer, quality assurance analyst, penetration tester, researcher, and catastronomics quant. You should of course ignore all this, and just judge the talk as one talk. His work can primarily be summed up with this single phrase: Own your own critical national infrastructure today!

Links:

• https://fahrplan.events.ccc.de/congress/2014/Fahrplan/events/6196.html

Similar Presentations:

• BruCON 0x0A (2018) / Reversing Industrial Protocols – Real World Use Cases (From zero to control in 10 minutes)
• DEF CON 23 (2015) / Switches Get Stitches
• Black Hat USA 2015 / Switches Get Stitches