BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:On the Insecurity of PLC Systems - Eli Biham\, Technion
DTSTART:20230919T130000Z
DTEND:20230919T140000Z
UID:TALK205216@talks.cam.ac.uk
CONTACT:Hridoy Sankar Dutta
DESCRIPTION:In a series of papers\, we studied the security of Siemens PLC
  systems. We first showed that it is possible to fakely and stealthily
  download any control program into Siemens PLCs\, bypassing cryptographic
  protections (with a variant of HMAC-SHA256 under a supposedly secret
  key). We could even download a fake executable unrelated to the
  downloaded source program\, thus disabling the ability of the PLC
  engineers to identify the fake program even if they suspect the PLC
  behaviour. Following Siemens' recommendations to protect against these
  attacks by using passwords\, we studied the password schemes and found
  various vulnerabilities in some versions of the PLCs. A major protection
  step taken by Siemens was to use TLS instead of the Siemens home-grown
  cryptographic protection. This change seems a good practice in general\,
  but it has several weaknesses. One is the long upgrade cycle of firmware
  in PLCs once a vulnerability is found\, which makes any standard
  (complex) IT software installed on the PLC a security threat. Moreover\,
  we show that the TLS protection allows an attacker to perform new strong
  attacks which were not possible in the home-grown cryptographic version.
  Last but not least\, in a recent openPLC product Siemens uses Intel
  processors that run the (encrypted) PLC firmware and Windows OS on
  different cores of the same processor\, under a hypervisor.
  Unfortunately\, nothing prohibits an attacker from running his own fake
  version of the PLC firmware. We conclude that the whole security
  ecosystem and security assumptions of PLCs should be revisited - the
  currently existing protection schemes do not address the real threats to
  PLCs. In another work we proposed a framework for a cryptographic
  protection of PLC communications.\n
LOCATION:Webinar & LT2\, Computer Laboratory\, William Gates Building.
END:VEVENT
END:VCALENDAR
