The Great Train Cyber Robbery

Presented at 32C3 (2015), Dec. 27, 2015, 6:30 p.m. (60 minutes)

For years SCADA StrangeLove team speaks about vulnerabilities in Industrial Control Systems. Now we want to show by example of railway the link between information security and industrial safety and demonstrate how a root access gained in a few minutes can bring to naught all the years of efforts that were devoted to the improvement of fail-safety and reliability of the ICS system.

Railroads is a complex systems and process automation is used in different areas: to control power, switches, signals and locomotives. At this talk we will analyze threats and vulnerabilities of fundamental rail-road automation systems such as computer based interlocking, automatic train control and automatic train protection.

No vendor names and vulnerabilities details will be released, for obvious reasons. By the way, all research based on hands-on security exercises and most of issues are confirmed and processed by vendors.

Presenters:

• repdet
• Aleksandr Timorin
  Pentester and ICS/SCADA security researcher. As a member of SCADAStrangeLove team I’m trying to make the world safer. That’s why industrial control systems, protocols, smartgrids and so on are my main interests. I want to share our results with the community.
• Sergey Gordeychik
  Sergey Gordeychik is the former Director and Scriptwriter of the Positive Hack Days forum, captain of SCADAStrangeLove.org team and Web Application Security Consortium (WASC) contributor. Industrial cyber-disasters researcher and speaker at CodeBlue, S4, PacSec, CCC, POC, Kaspersky SAS, etc.

Links:

• https://fahrplan.events.ccc.de/congress/2015/Fahrplan/events/7490.html

Similar Presentations:

• BruCON 0x09 (2017) / ICS Pentest 101 Workshop
• BSidesLV 2016 / Pentesting Industrial Control Systems : Capture the Flag!
• 31C3 (2014) / SCADA StrangeLove: Too Smart Grid in da Cloud