Date post: 01-Aug-2020
ICS/SCADA & IoT SECURITY TESTING DIMITRIOS GLYNOS (@dfunc) dimitris@census-labs.com STERGIOS KOLIOS stergios@census-labs.com ICS-CSR CONFERENCE 2019 www.census-labs.com
Transcript
Page 1: ICS/SCADA & IoT SECURITY TESTING · ICS/SCADA & IoT SECURITY TESTING DIMITRIOS GLYNOS (@dfunc) dimitris@census-labs.com STERGIOS KOLIOS stergios@census-labs.com ICS-CSR CONFERENCE

ICS/SCADA & IoT SECURITY TESTING

DIMITRIOS GLYNOS (@dfunc)
dimitris@census-labs.com

STERGIOS KOLIOS
stergios@census-labs.com

ICS-CSR CONFERENCE 2019

www.census-labs.com


> ABOUT CENSUS


> SHORT BIO


> ICS/SCADA SECURITY TESTING


> TERMINOLOGY


> COMMON PROTOCOLS


> PROTOCOL SECURITY


> SCADA/PLC ADVISORIES

• https://www.us-cert.gov/ics/advisories-by-vendor


> WHAT DOES THIS MEAN?

• Adversarial actions on the ICS network may lead to:


> IoT SECURITY TESTING


> INTERNET OF THINGS (IoT)


> TESTING THE SECURITY OF IoT DEVICES

Hardware Security

Software Security

Communications Security

Management Platform Security

Device Command & Control

Is it possible to decrypt stored data just by communicating with the secure chip?

Is it possible for an unauthorized actor to remotely control the device due to a bug in the software?

Is it possible for someone to eavesdrop on the device communications?

Is it possible for an unauthorized actor to collect all data gathered by the devices?


> TESTING THE SECURITY OF IoT DEVICES

Black Box Testing Timeline

Identify Vulnerabilities in Exposed Functionalities

Identify Vulnerabilities in Analyzed Firmware

Enumerate Exposed Functionalities

Test Functionalities

Dump Firmware

Identify Vulnerabilities


> COMMON ISSUES OF IoT DEVICES


> DEMO OF IoT DEVICE BUG EXPLOITATION


> CRITICAL INFRASTRUCTURE PENETRATION TESTING


> CRITICAL INFRASTRUCTURE


> CRITICAL INFRASTRUCTURE NETWORK AND INFORMATION SECURITY


> CRITICAL INFRASTRUCTURE TECH. & THREATS


> ICS CYBER ATTACKS


> PENETRATION TESTING OF CRITICAL INFRASTRUCTURE


> PENETRATION TESTING OF CRITICAL INFRASTRUCTURE


> PENETRATION TESTING OF CRITICAL INFRASTRUCTURE


> PENETRATION TESTING OF CRITICAL INFRASTRUCTURE


> USING NMAP TO IDENTIFY PLCs


> USING SNAP7 CLIENT TO CONNECT TO PLC


> ARBITRARY READ/WRITE OF PLC MEMORY


> SENDING START/STOP COMMANDS TO PLC


> DEMO OF PLC PROTOCOL BUG EXPLOITATION


> COMMON PEN. TESTING FINDINGS


> COMMON PEN. TESTING FINDINGS


> PROBLEMS


> CONCLUSIONS
