And Then the Script-Kiddie Said, "Let There be No Light." Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors?

Presented at Black Hat USA 2017, July 27, 2017, 3:50 p.m. (50 minutes)

Electricity is of paramount importance in our everyday lives. Our dependence on it is particularly evident during even brief power outages. You can think of power systems as the backbone of critical infrastructures. To date, cyber-attacks against power systems are considered to be extremely sophisticated and only within the reach of nation-states. However, through this presentation we will challenge this perception, and provide a structured methodology towards attacking a power system on a limited budget.

When gathering information during the design phase of an attack, it is electrifying what you can find on the internet if you know what to look for. We will demonstrate information obtained from the web that can be leveraged to model and analyze a target power system, and how we can use this information to model power systems throughout the globe.

However, this talk is not just about theory. We will demonstrate a critical vulnerability we discovered in General Electric Multilin products widely deployed in power systems. Essentially, we completely broke the homebrew encryption algorithm used by these protection and management devices to authenticate users and allow privileged operations. Knowledge of the passcode enables an attacker to completely pwn the device and disconnect sectors of the power grid at will, locking operators out to prolong the attack. We will also show a technique for remotely fingerprinting affected devices over the network. The talk includes a live demo showcasing exploitation of the vulnerability on a feeder management relay and how this vulnerability can have significant impact on a nation.

We will discuss mitigation strategies, including the specific firmware update that addresses this vulnerability, and provide our thoughts on what the next steps in securing the power infrastructure should be. Tune in for more.

Presenters:

  • Charalambos Konstantinou - PhD Candidate, New York University
    Charalambos (Harrys) Konstantinou is a PhD candidate in Electrical Engineering at the New York University (NYU) Tandon School of Engineering, NY, and a researcher at NYU Abu Dhabi. He completed his Electrical & Computer Engineering degree at the National Technical University of Athens (NTUA), Greece. His interests include hardware security with particular focus on embedded systems and smart grid technologies. He has published a book chapter along with several conference and journal papers in these areas, and he is also a patent-holder.
  • Anastasis Keliris - PhD Candidate, New York University
    Anastasis (Tasos) Keliris is a PhD candidate at the NYU School of Engineering and a researcher at the Modern Microprocessors Architectures Lab in NYU Abu Dhabi. Tasos obtained his Electrical and Computer Engineering degree from the National Technical University of Athens in Greece. His research concerns the security of embedded devices with a focus on the (in)security of Industrial Control Systems and critical infrastructure.
  • Mihalis Maniatakos - Assistant Professor, New York University Abu Dhabi
    Mihalis Maniatakos is an Assistant Professor of ECE at NYU Abu Dhabi and a Research Assistant Professor at the NYU Tandon School of Engineering. He is the Director of the MoMA Laboratory (nyuad.nyu.edu/momalab). He received his Ph.D. in 2012 from the Electrical Engineering department at Yale University. His research interests, funded by industrial partners and the US government, include robust microprocessor architectures, privacy-preserving computation, and industrial control systems security. He has authored several publications in IEEE transactions and conferences, holds patents on privacy-preserving data processing, and serves on the technical program committee for various conferences. Mihalis is currently the faculty lead for the Embedded Security challenge held yearly at various NYU global sites.
