Presented at DEF CON 33 (2025), Aug. 8, 2025, 10:30 a.m. (45 minutes).
OPC UA is a standardized communication protocol that is widely used in industrial automation and IoT. It is used within and between OT networks, but also as a bridge between IT and OT environments or to connect field systems with the cloud. Traditionally, VPN tunnels are used to secure connections between OT trust zones (especially when they cross the internet), but this is often considered unnecessary when using OPC UA because the protocol offers its own cryptographic authentication and transport security layer.
This makes OPC UA a valuable target for attackers, because if they could hijack an OPC UA server they might be able to wreak havoc on whatever industrial systems are controlled by it.
I decided to take a look at the cryptography used by the protocol, and managed to identify two protocol flaws which I could turn into practical authentication bypass attacks that worked against various implementations and configurations. These attacks involve signing oracles, signature spoofing padding oracles and turning "RSA-ECB" into a "timing side channel amplifier".
In this talk, I will explore the protocols and the issues I identified, as well as the process of turning two theoretical crypto flaws into highly practical exploits.
References:
- OPC UA Specifications, OPC Foundation, [link](https://reference.opcfoundation.org/)
- "Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1", Daniel Bleichenbacher, Advances in Cryptology, CRYPTO '98: 18th Annual International Cryptology Conference, Santa Barbara, California
- Prior OPC UA research work by the Claroty Research Team, [link](https://claroty.com/team82/research/opc-ua-deep-dive-a-complete-guide-to-the-opc-ua-attack-surface)
Presenters:
- Tom Tervoort
Tom Tervoort is a Principal Security Specialist for Secura, a security company based in the Netherlands. Tom regularly performs network pentests, web/mobile application assessments, as well as code, configuration and design reviews for large Dutch companies and institutions. Tom's primary areas of interest include cryptographic protocols and cryptography engineering, advanced web attacks and Windows AD pentesting. Besides doing security assessments, Tom also develops and gives cryptography and secure programming courses to software developers. In December 2020, Tom won a Pwnie award for Best Cryptographic Attack, due to his discovery of the Zerologon vulnerability. Tom has spoken at various conferences, including Black Hat USA 2021 and 2023, Black Hat Europe 2022 and ONE Conference 2021.