
Power of Community: New Attack Scenarios for PCS or Choo Choo PWN in Korea

For the second year in a row, Positive Technologies experts have taken part in the largest information security conference in East Asia, Power of Community. This year, at the event held in Seoul, they demonstrated vulnerabilities in the modern industrial control systems (SCADA) that run transport, industrial, fuel and energy, and many other critical facilities.






Choo choo



In recent years, the most developed countries of the region (South Korea, Japan, China, Taiwan, Singapore) have held leading positions worldwide in building and deploying high-speed land transport. Trains packed with electronics, such as the Hyundai, the E5 Series Hayabusa and the CRH 380 Series, literally fly between Asian metropolitan areas at speeds of 300 km/h and more.




It is difficult to imagine the consequences, or the possible damage, if cyber-terrorists were to attack a modern transport system. Meanwhile, the developers of such systems still do not pay enough attention to security, as was demonstrated during the Choo Choo PWN contest, which came on tour to Seoul.



The Choo Choo Pwn booth, built in the Positive Technologies laboratory, is a model railway in which every element, from the trains to the barriers and signals, is managed by an industrial control system built on three SCADA products.






Getting everything needed to Korea was not easy (and assembling the stand took a whole day), but we coped with the task.






Participants from different countries had to gain access to the railway model and the container loading management system by exploiting vulnerabilities in industrial protocols and bypassing authentication in SCADA systems and the web interfaces of industrial equipment. Having gained access to the ICS network, the HMI or the industrial controllers, the contestants had to disrupt the operation of individual parts of the railway layout or take control of the target systems. In addition, they were required to disable the CCTV cameras.






More than 30 information security specialists took part in hacking the Choo Choo PWN booth, and there were several winners at once. Lim Jung Won, Hee-chan Lee and Eun-chang Lee discovered weaknesses in the Modbus protocol and gained control of the crane loading system, which was managed with Siemens products (Simatic WinCC flexible 2008) and an ICP DAS remote I/O device. In turn, Grace Kim, Jenny Kim and Chin Bin In gained access to the railway model control system by finding and exploiting security flaws in Siemens WinCC 7.0 SP2 and in the Siemens SIMATIC S7-1200 controller (S7 protocol).



Special prizes went to Jonas Zaddach, who used a zero-day vulnerability in the S7-1200 PLC to carry out a DoS attack, and to his colleague Lucian Cojocar, who found it. Jenny Kim also deserves a mention: the only girl among the winners, she amazed everyone with her dedication and perseverance. And Lim Jung Won was the first to get to grips with the Modbus protocol and wrote a semi-automatic script for controlling the railway loading crane.
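The Modbus weaknesses the contestants used come down to one fact: Modbus/TCP has no authentication field at all, so any host that can reach the device can issue write commands and the device has no way to tell an HMI from an intruder. The following is an added example written for this page, not the contestants' script or any Positive Technologies tool; it decodes Modbus/TCP requests from a constructed capture and flags write commands from hosts outside an allowlist, which is what a network monitor in front of the PLC or remote I/O module would do. The frames, the IP addresses and the allowlist are all constructed for the example.

```python
import struct
from dataclasses import dataclass

# Standard Modbus public function codes (constructed lookup for this example).
READ_FUNCTIONS = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
}
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    address: int      # starting coil/register address from the PDU
    payload: bytes    # remainder of the PDU (quantity or value(s))

    @property
    def is_write(self) -> bool:
        return self.function_code in WRITE_FUNCTIONS

    @property
    def function_name(self) -> str:
        return (READ_FUNCTIONS.get(self.function_code)
                or WRITE_FUNCTIONS.get(self.function_code)
                or f"Function 0x{self.function_code:02x}")


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Decode one Modbus/TCP request: 7-byte MBAP header followed by the PDU.

    Note what is *absent*: there is no credential, session token or signature
    anywhere in the frame. The only checks possible are structural ones.
    """
    if len(frame) < 10:
        raise ValueError("frame shorter than MBAP header + function code + address")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError(f"unexpected protocol id {protocol_id}, Modbus uses 0")
    # The length field counts the unit id byte plus the whole PDU.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    function_code = frame[7]
    (address,) = struct.unpack(">H", frame[8:10])
    return ModbusRequest(transaction_id, unit_id, function_code, address, frame[10:])


def audit(captured, allowed_writers):
    """Return an alert per write request whose source is not an approved writer.

    `captured` is a list of (source_ip, raw_frame) pairs, e.g. from a SPAN port.
    Reads are left alone; writes change the process state, so they are the ones
    an allowlist should gate.
    """
    alerts = []
    for src, frame in captured:
        req = parse_modbus_tcp(frame)
        if req.is_write and src not in allowed_writers:
            alerts.append({"src": src, "unit": req.unit_id,
                           "function": req.function_name, "address": req.address})
    return alerts


# Constructed sample capture: the HMI at 10.0.0.5 is the only approved writer.
ALLOWED_WRITERS = {"10.0.0.5"}
SAMPLE_CAPTURE = [
    # HMI reads 10 holding registers from address 0 (tid 1, unit 1, fc 3)
    ("10.0.0.5", b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),
    # Unknown host forces coil 16 ON (tid 2, unit 1, fc 5, value 0xFF00)
    ("10.0.0.99", b"\x00\x02\x00\x00\x00\x06\x01\x05\x00\x10\xff\x00"),
    # HMI writes value 1 to holding register 1 (tid 3, unit 1, fc 6)
    ("10.0.0.5", b"\x00\x03\x00\x00\x00\x06\x01\x06\x00\x01\x00\x01"),
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_CAPTURE, ALLOWED_WRITERS):
        print(f"ALERT: {alert['src']} sent {alert['function']} "
              f"to unit {alert['unit']} address {alert['address']}")
```

Run against the constructed capture, only the second frame produces an alert. The design point is that because the protocol offers nothing to authenticate, the allowlist has to live outside it, in a monitor or an inline gateway that knows which hosts are supposed to write to which units.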



SCADA Security



The talk Techniques of Attacking Real SCADA & ICS Systems, presented by Positive Technologies experts, covered the same subject. Alexander Timorin, Yuri Goltsev and Ilya Karpov shared their latest research on the security of SCADA industrial protocols and their extensive practical experience of auditing the information systems of critical infrastructure facilities.



The talk by Sergey Gordeychik and Alexei Moskvin, Automatic Exploit Generation for Application Source Code Analysis, also attracted great interest.






During this presentation, attendees learned about a new source code analysis technology that automates the search for vulnerabilities and the detection of backdoors and undeclared functionality in applications.



In addition, two new Positive Technologies products, localized for the South Korean market, were presented at POC'2013: PT Application Firewall, a web application firewall that combines traditional blacklist and whitelist methods with the latest self-learning capabilities, and PT Application Inspector, an application security analysis system that combines the advantages of static, dynamic and interactive source code analysis.



Female CTF



It should be noted that Power of Community 2013 also hosted, as it traditionally does, one of the most original competitions based on the Capture the Flag principle: the Land of the Morning Calm presented the world with the Power of XX CTF, in which only girls take part.






We will meet the best of them, the SecurityFirst team from Sung Chon Hyan University (Kim Aae-sol, Kim Ji-young, Kim Hak-soo, Park Sae-yan, Park Jeong-min), in Russia in May 2014: this time the winners of the Seoul CTF go straight into the main standings of the PHDays 2014 CTF, bypassing the qualifying round.



P.S. The Choo Choo Pwn contest was designed specifically for the international forum PHDays III; you can learn how it was prepared from our film:



Source: https://habr.com/ru/post/201830/
