During the international forum Positive Hack Days IV, a competition on critical infrastructure security analysis was held, called Critical Infrastructure Attack. Competitors had to detect and exploit vulnerabilities in order to gain control over industrial automation systems.

The competition was first held at PHDays III under the name Choo Choo Pwn. For that contest, a model of a transport system was built, controlled by real industrial process control systems.
This year, the competition infrastructure was radically updated, which opened up opportunities to detect zero-day vulnerabilities. The stand was extended with a large number of new SCADA systems (for example, Siemens TIA Portal 13 Pro and Schneider Electric ClearSCADA 2014) and various OPC servers (Kepware KepServerEX, Honeywell Matrikon OPC). The additions also included new HMI devices and a Siemens KTP 600 panel, PLCs (Siemens Simatic S7-300 and S7-1500), as well as remote control devices (for example, ICP DAS PET-7067). One of the PLCs (Schneider Electric MiCOM C264) was provided by KROK. A full list of the elements of the competition stand is given in a post on the PHDays blog.
The stand was created by Positive Technologies information security expert Ilya Karpov and his colleagues from the industrial control system security research group.
The contestants had to detect and exploit vulnerabilities in SCADA systems and industrial protocols in order to take control of a robotic arm, a cargo crane, transport control systems and the urban energy supply (in particular, street lighting). In addition, the model allowed remote control of other objects: robots, individual plant facilities, railway crossings and cooling towers.

We emphasize that all the SCADA systems and controllers used in the competition are actually deployed at many critical facilities in various industries: in factories and hydroelectric power stations, in urban transport management, and in the oil and gas industry.
The competition took place over two days. The winner was Alisa Shevchenko, who discovered several zero-day vulnerabilities in the popular industrial automation system Indusoft Web Studio 7.1 by Schneider Electric. Nikita Maksimov and Pavel Markov, who shared second place, managed to disable ICP DAS's RTU PET-7000 and guess the password for the web interface of the Allen-Bradley MicroLogix 1400 controller from Rockwell Automation. Third place went to Dmitry Kazakov, who discovered XSS vulnerabilities (already known) in the web interfaces of Simatic S7-1200 controllers from Siemens.
The contestants actively controlled robots and cranes using the Modbus TCP protocol. Over the course of two days, many critical vulnerabilities were found, most of them in the Simatic S7-1200 controllers. In addition, at the end of the first day, one of the participants repeatedly caused a failure of the MiniWeb web server in WinCC Flexible 2008 SP3 Update4.
In a real urban environment, exploitation of most of the detected flaws could lead to the most disastrous consequences: denial of service and disruption of the systems that manage vital facilities. This in turn could disrupt the life of the city and lead to collapse.
Following the principles of responsible disclosure, the participants who discovered new security flaws will report them to the system manufacturers, and detailed information about the problems will be published only after they have been fixed.
The prize-winners of the competition received memorable gifts, and the winner Alisa Shevchenko (who is one of the co-founders of the Moscow hackspace Neuron) was awarded a special prize: the flying camera Phantom 2 Vision+.

Photo: Alisa Shevchenko
Recall that last year the winners of the Choo Choo Pwn competition were Mikhail Elizarov, a student at the North Caucasus Federal University, and Arseny Levshin, a student from Minsk.
The competition on critical infrastructure security analysis has been the highlight of the PHDays program for the second year in a row. In addition, Positive Technologies experts presented the Choo Choo Pwn booth at the Power of Community conference and at 30C3, the anniversary Chaos Communication Congress in Hamburg.