Creating a Weapon of Mass Disruption: Attacking Programmable Logic Controllers
Norwegian University of Science and Technology, Faculty of Information Technology, Mathematics and Electrical Engineering, Department of Computer and Information Science.
2013 (English). Master's thesis (Masteroppgave), student thesis.
Abstract [en]

A programmable logic controller (PLC) is a small industrial computer built to withstand the harsh environment it operates in. PLCs were designed for a closed, trusted network with little emphasis on security. Since their introduction, the automation world has changed, and the line between traditional IT and automation has slowly faded away. By integrating well-known, low-cost technology such as commodity operating systems and TCP/IP into the automation realm, new threats are emerging. Security by obscurity was long deemed sufficient for industrial networks. If this was ever true, it is not anymore, especially when considering where PLCs are deployed: PLCs are part of virtually every industrial control system in the world and are at the heart of systems such as power production (including nuclear), pipelines, oil and gas refineries, water and waste, and weapon systems. A compromised system could mean financial loss, damage to equipment or, in some cases, loss of life. This thesis looks at PLC security from an attacker's perspective. That is, given logical network access, what will an attacker attempt to accomplish and how will he or she proceed? In order to answer these questions, and more, this thesis discusses techniques and tools that can be used to compromise a PLC. Studying PLC security in detail, this thesis includes both theoretical and practical aspects of security in PLCs. In-depth security tests are performed on a widely used PLC, uncovering several critical security vulnerabilities, including a new XML parser vulnerability accompanied by a zero-day exploit allowing the adversary to perform a DoS attack that completely disables the PLC, including its communication capabilities. Other exploits are also developed, and their consequences run the gamut from arbitrary code execution, file read/write permissions and installing customized firmware to manipulating actuators.
The research culminates in a set of Python scripts, an exploit suite, implementing all the exploits developed. This thesis shows that an adversary with network access can perform devastating attacks with relative ease. In the hands of the wrong people, the weaponized exploit suite can cause tremendous damage. Shutting down, or altering, an industrial process will in many cases have severe financial and/or safety consequences.

Place, publisher, year, edition, pages
Institutt for datateknikk og informasjonsvitenskap, 2013. 124 p.
URN: urn:nbn:no:ntnu:diva-22434
Local ID: ntnudaim:8959
OAI: diva2:649678
Available from: 2013-09-19. Created: 2013-09-19. Last updated: 2013-09-19. Bibliographically approved.
