Technion at BlackHat2022
Researchers decrypt Siemens’ smart programmable logic controller firmware
Researchers in the Henry and Marilyn Taub Faculty of Computer Science at the Technion – Israel Institute of Technology will present the decryption of Siemens’ programmable logic controller (PLC) firmware at the prestigious Black Hat Hacker Convention in Las Vegas. The findings of the study were forwarded to the company.
Black Hat is an internationally recognized cybersecurity event series providing the information security community with the latest cutting-edge research, developments and trends in the field.
The research project was led by the Head of the Technion Hiroshi Fujiwara Cyber Security Research Center, Professor Eli Biham, along with Dr. Sara Bitan and M.Sc. students Maxim Barsky, Alon Dankner and Idan Raz.
The group succeeded in hacking the ET200 SP Open Controller, CPU 1515sp, of Siemens’ Simatic S7 series, which represents a new concept in controller planning among numerous vendors. The concept is based on the integration of a standard operating system. In this case, the Windows 10 operating system was integrated into the CPU 1515sp. These controllers are used in various civil and military applications, including transportation systems, factories, power stations, smart buildings, traffic lights, and more. Their purpose is to provide automated process controls that delivers an optimal, fast response to variations in environmental conditions.
Attacks against PLCs have posed a challenge for Siemens, which is considered a vendor that meets the highest security standards in the industry. The S7 PLC series is perceived as innovative and highly secure, largely thanks to the integration of built-in cryptographic mechanisms.
The Technion researchers attacked the CPU 1515sp and, for the first time, decrypted the firmware, which is common to all PLCs in the series. The successful attack enabled the researchers to study the software characteristics. They say that the attack exposed possible vulnerabilities in this PLC and in other controllers in the series, intensifying the need for improved security of these devices. Considering that they are deployed in critical infrastructure and systems such as power plants, water facilities, transportation systems, etc., attacks by hostile elements could pose a danger to everyday life and critical functions.
Dr. Sara Bitan and Alon Dankner will be presenting the research at the Black Hat Convention in Las Vegas.