ICSCorsair: How I Will PWN Your ERP Through 4-20 mA Current Loop

Presented at Black Hat USA 2014, Aug. 7, 2014, 10:15 a.m. (60 minutes)

Modern Industrial Control Systems (ICS) are deeply integrated with other parts of corporate networks. Plant Asset Management systems, OPC, and SCADA interconnect low-level devices, such as transmitters, actuators, PLCs, with high-level applications, such as MES and ERP. But, what will happen if you can connect to the line where low-level network protocols (such as HART (FSK over 4-20 mA current loop), FF H1, Profibus DP, Modbus over RS-485, e t.c.) flow? Almost everyone knows that then you can probably affect industrial processes. But, there is something more: from this point, you can attack not only the lowest levels of the network, but also PAS, MES, and even ERP systems! ICSCorsair is an open hardware tool for auditing low-level ICS protocols. It can communicate with various systems using HART FSK and P8CSK, Foundation Fieldbus H1, Profibus, and Modbus protocols. You can control ICSCorsair via USB cable or remotely over WiFi, Bluetooth, or other wireless connection. Different software will be presented to work with ICSCorsair: Metasploit modules, apps for iOS, and Android, etc. In this talk, it will be shown how to trigger such vulnerabilities as XXE, DoS, XSS, and others in SCADA, PAS, ERP, and MES systems using only ICSCorsair and the opportunity to connect to low-level ICS protocol line.

Presenters:

  • Gleb Cherbov - Digital Security
    Gleb is a Senior IS Auditor and Security Sesearcher at Digital Security. He is a hardware and wireless geek experienced in ERP, banking systems, web application penetration testing, and other wired stuff script kiddie. He is a co-organizer and speaker at ZeroNights conference. He also actively participates in the Russian DEF CON Group.
  • Alexander Bolshev - Digital Security
    Alexander is the Information Security Researcher at Digital Security. He holds a PhD in computer security and also works as Assistant Professor at Saint Petersburg State Electrotechnical University. He works on distributed systems, hardware, and industrial protocols security. He is the author of several White Papers on topics of heuristic intrusion detection methods, SSRF attacks, OLAP systems, and industrial protocol security. He spoke at the following conferences: Black Hat USA, ZeroNights, and S4. He actively participates in the life of the Russian DEF CON Group.

Links:

Similar Presentations: