Safety Controllers (Safety Instrumented Systems) have always been considered immune to attacks as last barrier of plant safety, and claimed to be designed to ensure safe and reliable operation for Industrial Control Systems (ICS) and Supervisory Control and DataAcquisition (SCADA) environments. Unfortunately, the recent research and in-the-field experience indicate misplaced confidence (based on SIL) and overall weak security practices since these devices themselves form another attack surface for the determined adversaries.
This presentation discusses vulnerabilities found by Applied Risk research team across various state of the art safety controllers, which are commonly used in industrial environments. Advanced attack vectors will be discussed where attackers could exploit the discovered vulnerabilities to gain control over the device, including connected industrial assets.In addition to the discovered vulnerabilities, the process we followed during our research will be discussed.
Examples will be given for topics including:
- From research to exploitation (a la basecamp)
- Manipulate the safety logic
- Live Demo