Industrial Protocol Gateways Under Analysis

Presented at Black Hat USA 2020 Virtual, Aug. 5, 2020, 11 a.m. (40 minutes)

With the development of Industry 4.0, legacy devices such as serial control servers or PLCs often need to be interconnected with modern IT networks or with the Internet (e.g. cloud providers). To address this need, protocol gateways enable the conversion of ICS protocols, for example to connect an IP-based network to one or more serial devices, and vice versa. While previous research has shown that protocol gateways may suffer from local operating-system vulnerabilities, it is not clear to what extent protocol conversion is resilient to attacks or abuse. To answer such questions, we conducted a cross-vendor security evaluation of five popular gateways and discovered several classes of security problems that, when leveraged by adversaries, can damage or negatively impact the operation of industrial facilities. Through our collaboration with a major bug bounty program, we reported nine 0-day vulnerabilities, and we are currently working with the affected vendors on improving the current situation. In this talk, we share the results of our research and discuss the impact of the problems that we identified and potential countermeasures.

This is joint work with colleagues Philippe Lin, Ryan Flores, Charles Perine, Rainer Vosseler and external researcher Luca Bongiorni.

Presenters:

  • Marco Balduzzi - Senior Research Scientist, Trend Micro Research
    Dr. Marco Balduzzi holds a PhD in applied security from Télécom ParisTech and an M.Sc. in computer engineering from University of Bergamo. His interests concern all aspects of computer security, with particular emphasis on real problems that affect systems and networks. Some topics of interest are web and browser security, code analysis, malware detection, cyber-crime, privacy, and threats in the IoT space. With 15 years of experience in IT security, he's now with Trend Micro as a Senior Research Scientist. His work has been published in top peer-reviewed conferences like NDSS, RAID and ACSAC, and featured by distinguished media like Forbes, The Register, InfoWorld, DarkReading, BBC, and CNN. He's a regular speaker at conferences like Black Hat, HITB, and OWASP AppSec, and now sits on the review board of IEEE journals and venues like HITB, AppSec, eCrime, and DIMVA.
