DTM Components: Shadow Keys to the ICS Kingdom

Presented at Black Hat Europe 2014, Oct. 16, 2014, 5 p.m. (60 minutes).

Today, industrial control system architectures are complex, multilayered networks built on many technologies that are (or not so long ago were) popular, such as XML, COM, ActiveX, OLE32, JSON, .Net, and others. FDT/DTM is one such architectural element. In short, FDT/DTM standardizes the communication and configuration interface between all (industrial) field devices and host systems. This is achieved with the help of DTMs - COM, ActiveX or .Net components. Such components exist for many devices used in the oil, gas, energy, nuclear, chemical, and other critical industries. Look at any factory, plant, or other industrial site, and you'll find an RTU or PLC that is configured by a DTM component.

During our research, we analyzed the components for hundreds of field devices based on the Modbus, HART, and Profibus DP low-level protocols. Many of them are exposed to insufficient filtering of user-supplied data, XSS, XXE, SSRF, DoS, and other vulnerabilities. We will provide detailed statistics on the security flaws of DTM components from various vendors.


Presenters:

  • Alexander Bolshev - Digital Security
    Alexander is an Information Security Researcher at Digital Security. He holds a PhD in computer security and also works as an assistant professor at Saint-Petersburg State Electrotechnical University. He works on distributed systems, hardware, and industrial protocol security. He is the author of several whitepapers on topics including heuristic intrusion detection methods, SSRF attacks, OLAP systems, and industrial protocol security. He has spoken at the following conferences: Black Hat USA, ZeroNights, S4. Alexander actively participates in the life of the Russian Defcon Group.
  • Gleb Cherbov - Digital Security
    Gleb is a Senior IS Auditor and Security Researcher at Digital Security. He is a hardware and wireless geek experienced in ERP, banking systems, web application penetration testing, and other wired stuff script kiddie. He is a co-organizer and speaker at ZeroNights conference. He also actively participates in the Russian DEF CON Group.
