Submit Search
Upload
Industrial Remote Controllers Safety, Security, Vulnerabilities
•
Download as PPTX, PDF
•
1 like
•
3,173 views
Trend Micro
Follow
Presentation by Dr. Marco Balduzzi from Hannover Messe 2019.
Read less
Read more
Technology
Slideshow view
Report
Share
Slideshow view
Report
Share
1 of 48
Download now
Recommended
Net2Vec: Deep Learning for 5G Network Security
Net2Vec: Deep Learning for 5G Network Security
Big Data Value Association
VU ICT4D symposium 2017 Francis Dittoh Mr. Meteo
VU ICT4D symposium 2017 Francis Dittoh Mr. Meteo
Victor de Boer
Business innovation rick huijbregts 16oct2013
Business innovation rick huijbregts 16oct2013
Rick Huijbregts
Thinxtra, Sigfox and Xamarin
Thinxtra, Sigfox and Xamarin
Rod Hemphill
State of the Technology
State of the Technology
NFC Forum
02. R U Sure U R Secure
02. R U Sure U R Secure
Directorate of Information Security | Ditjen Aptika
Mindray product cheat sheet 2017
Mindray product cheat sheet 2017
Mike Wanjek
New Features Coming to Android O
New Features Coming to Android O
Keyideas Infotech Private Limited
Recommended
Net2Vec: Deep Learning for 5G Network Security
Net2Vec: Deep Learning for 5G Network Security
Big Data Value Association
VU ICT4D symposium 2017 Francis Dittoh Mr. Meteo
VU ICT4D symposium 2017 Francis Dittoh Mr. Meteo
Victor de Boer
Business innovation rick huijbregts 16oct2013
Business innovation rick huijbregts 16oct2013
Rick Huijbregts
Thinxtra, Sigfox and Xamarin
Thinxtra, Sigfox and Xamarin
Rod Hemphill
State of the Technology
State of the Technology
NFC Forum
02. R U Sure U R Secure
02. R U Sure U R Secure
Directorate of Information Security | Ditjen Aptika
Mindray product cheat sheet 2017
Mindray product cheat sheet 2017
Mike Wanjek
New Features Coming to Android O
New Features Coming to Android O
Keyideas Infotech Private Limited
IRJET- Cyber Attacks on Smart Cars using SDR
IRJET- Cyber Attacks on Smart Cars using SDR
IRJET Journal
Three Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and Engineering
Waterfall Security Solutions
CCET-GBC Fueling Innovation for Construction and Real Estate with IoE
CCET-GBC Fueling Innovation for Construction and Real Estate with IoE
Rick Huijbregts
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
African Cyber Security Summit
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat Security Conference
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in Defense
NETSCOUT
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
SecPod Technologies
Smau milano 2013 lorenzo fava
Smau milano 2013 lorenzo fava
SMAU
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
44CON
Having Fun With RFID
Having Fun With RFID
Fathi Kamil Mohad Zainuddin
Carrier ID: Are You Ready to Turn Carrier ID On?
Carrier ID: Are You Ready to Turn Carrier ID On?
Newtec
Trend Micro Solutions Overview
Trend Micro Solutions Overview
John D. Haden
PRESENTATION-GIANT
PRESENTATION-GIANT
Dinos Volidis
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
AppDynamics
Industrial Cyber Security - EVF 2019 Alexandre Darcherif
Industrial Cyber Security - EVF 2019 Alexandre Darcherif
Alexandre Darcherif
PICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdf
asconindia
Global-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data Haven
TWD Industries AG
Meet the New VxWorks (Sep.2019)
Meet the New VxWorks (Sep.2019)
Wind River
Transforming the world with Information technology
Transforming the world with Information technology
Glenn Klith Andersen
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
ArianeSpano
Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at Large
Trend Micro
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Trend Micro
More Related Content
Similar to Industrial Remote Controllers Safety, Security, Vulnerabilities
IRJET- Cyber Attacks on Smart Cars using SDR
IRJET- Cyber Attacks on Smart Cars using SDR
IRJET Journal
Three Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and Engineering
Waterfall Security Solutions
CCET-GBC Fueling Innovation for Construction and Real Estate with IoE
CCET-GBC Fueling Innovation for Construction and Real Estate with IoE
Rick Huijbregts
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
African Cyber Security Summit
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat Security Conference
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in Defense
NETSCOUT
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
SecPod Technologies
Smau milano 2013 lorenzo fava
Smau milano 2013 lorenzo fava
SMAU
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
44CON
Having Fun With RFID
Having Fun With RFID
Fathi Kamil Mohad Zainuddin
Carrier ID: Are You Ready to Turn Carrier ID On?
Carrier ID: Are You Ready to Turn Carrier ID On?
Newtec
Trend Micro Solutions Overview
Trend Micro Solutions Overview
John D. Haden
PRESENTATION-GIANT
PRESENTATION-GIANT
Dinos Volidis
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
AppDynamics
Industrial Cyber Security - EVF 2019 Alexandre Darcherif
Industrial Cyber Security - EVF 2019 Alexandre Darcherif
Alexandre Darcherif
PICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdf
asconindia
Global-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data Haven
TWD Industries AG
Meet the New VxWorks (Sep.2019)
Meet the New VxWorks (Sep.2019)
Wind River
Transforming the world with Information technology
Transforming the world with Information technology
Glenn Klith Andersen
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
ArianeSpano
Similar to Industrial Remote Controllers Safety, Security, Vulnerabilities
(20)
IRJET- Cyber Attacks on Smart Cars using SDR
IRJET- Cyber Attacks on Smart Cars using SDR
Three Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and Engineering
CCET-GBC Fueling Innovation for Construction and Real Estate with IoE
CCET-GBC Fueling Innovation for Construction and Real Estate with IoE
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in Defense
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
Smau milano 2013 lorenzo fava
Smau milano 2013 lorenzo fava
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
Having Fun With RFID
Having Fun With RFID
Carrier ID: Are You Ready to Turn Carrier ID On?
Carrier ID: Are You Ready to Turn Carrier ID On?
Trend Micro Solutions Overview
Trend Micro Solutions Overview
PRESENTATION-GIANT
PRESENTATION-GIANT
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
Industrial Cyber Security - EVF 2019 Alexandre Darcherif
Industrial Cyber Security - EVF 2019 Alexandre Darcherif
PICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdf
Global-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data Haven
Meet the New VxWorks (Sep.2019)
Meet the New VxWorks (Sep.2019)
Transforming the world with Information technology
Transforming the world with Information technology
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
More from Trend Micro
Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at Large
Trend Micro
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Trend Micro
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Trend Micro
Skip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWS
Trend Micro
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Trend Micro
Mobile Telephony Threats in Asia
Mobile Telephony Threats in Asia
Trend Micro
Cybercrime In The Deep Web
Cybercrime In The Deep Web
Trend Micro
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
Trend Micro
HBR APT framework
HBR APT framework
Trend Micro
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Trend Micro
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Trend Micro
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted Attacks
Trend Micro
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012
Trend Micro
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
Trend Micro
Who owns security in the cloud
Who owns security in the cloud
Trend Micro
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Trend Micro
Threat predictions 2011
Threat predictions 2011
Trend Micro
Trend micro deep security
Trend micro deep security
Trend Micro
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Trend Micro
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
Trend Micro
More from Trend Micro
(20)
Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at Large
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Skip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWS
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Mobile Telephony Threats in Asia
Mobile Telephony Threats in Asia
Cybercrime In The Deep Web
Cybercrime In The Deep Web
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
HBR APT framework
HBR APT framework
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep Discovery
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted Attacks
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
Who owns security in the cloud
Who owns security in the cloud
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Threat predictions 2011
Threat predictions 2011
Trend micro deep security
Trend micro deep security
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
Recently uploaded
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
WSO2
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Khushali Kathiriya
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Zilliz
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
DianaGray10
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
presentation ICT roal in 21st century education
presentation ICT roal in 21st century education
jfdjdjcjdnsjd
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
Sandro Moreira
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
apidays
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
Zilliz
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard37
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
Remote DBA Services
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Juan lago vázquez
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
The Digital Insurer
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Deepika Singh
Recently uploaded
(20)
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
presentation ICT roal in 21st century education
presentation ICT roal in 21st century education
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Industrial Remote Controllers Safety, Security, Vulnerabilities
1.
Industrial Remote Controllers Safety,
Security, Vulnerabilities Dr. Marco Balduzzi Join work with J. Andersson, S. Hilt, P. Lin, F. Maggi, U. Akira, and R. Vosseler
2.
2 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. CYBERCRIME TECHNOLOGY SOCIAL
3.
3 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. CYBERCRIME
4.
4 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. SOCIAL
5.
5 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. TECHNOLOGY
6.
6 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Industrial Remote Controllers
7.
7 Copyright ©
2019 Trend Micro Incorporated. All rights reserved.
8.
8 Copyright ©
2019 Trend Micro Incorporated. All rights reserved.
9.
9 Copyright ©
2019 Trend Micro Incorporated. All rights reserved.
10.
10 Copyright ©
2019 Trend Micro Incorporated. All rights reserved.
11.
11 Copyright ©
2019 Trend Micro Incorporated. All rights reserved.
12.
12 Copyright ©
2019 Trend Micro Incorporated. All rights reserved.
13.
13 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. How they operate?
14.
14 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. TRANSMITTER RECEIVER
15.
15 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. RECEIVER ENGINE
16.
16 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. FACTORY
17.
17 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Preliminary on-site testing
18.
18 Copyright ©
2019 Trend Micro Incorporated. All rights reserved.
19.
19 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Software Defined Radio
20.
20 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. TW SAGA TW Juuko IT Autec IT ELCA TW Telecrane JP Circuit Design DE Hetronic International World-wide testing
21.
21 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Record & Reply REPLYRECORD
22.
22 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. What happened?
23.
23 Copyright ©
2019 Trend Micro Incorporated. All rights reserved.
24.
24 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. TX RX MESSAGE 1 “UP”“UP”
25.
25 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. TX RX MESSAGE 1 MESSAGE 2 “UP” “UP”
26.
26 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. TX RX MESSAGE 1 MESSAGE 2 . . . . . . MESSAGE 100 “UP” “UP” MESSAGE 3
27.
27 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. ALL messages are the same!
28.
28 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. 1: Record & Replay Difficulty CostVendors ALL $$$$ ATTACKS
29.
29 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Arbitrary Execution
30.
30 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. 101010101010101010101010 1001001100001011 101000111011110 00001101 10100010 11110101…
31.
31 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. SID CODE … CHECKSUM OF “UP” UP REVERSE ENGINEERING
32.
32 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. SID CODE … CHECKSUM OF “E-STOP” COMMAND REPLACEMENT UP E-STOP
33.
33 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. SID CODE … CHECKSUM OF “E-STOP” UP E-STOP DoS.. STOP OF PRODUCTION!
34.
34 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Example of Analysis
35.
35 Copyright ©
2019 Trend Micro Incorporated. All rights reserved.
36.
36 Copyright ©
2019 Trend Micro Incorporated. All rights reserved.
37.
37 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Reverse Engineering Logic Analyzer
38.
38 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Reverse Engineering 00 01 10 11 RF Analysis
39.
39 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Seq. ID [SID] [PAIRING_ID(4 bytes)] [SUM1] [0x00] [CMD] [0x000000] [SUM2] Cryptanalysis CMD
40.
40 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. 1: Record & Replay 2: Command Injection 3: E-Stop Abuse 4: Malicious Re-pairing ALL $$$$ ALL $$$$ ALL PART $$$$ $$$$ OFF E-STOP E-STOP E-STOP DIFFICULTY COSTVENDORSATTACKS
41.
41 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Long-Range Attacks
42.
42 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. TARGET REMOTE ATTACKER LOCAL BRIDGE $40
43.
43 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. IIoT Malware • Clear-text password transmission • Unprotected firmware • “Hijackable” checksum • Backdoors
44.
44 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. 1: Record & Replay 2: Command Injection 3: E-Stop Abuse 4: Malicious Re-pairing $$$$ $$$$ $$$$ $$$$ OFF E-STOP E-STOP E-STOP 5: Malicious Re-programming $$$$ DIFFICOLTY COSTVENDORSATTACKS ALL ALL ALL PART PART
45.
45 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Conclusions
46.
46 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Responsible Disclosure • 10 new vulnerabilities • TM’s Zero Day Initiative and ICS-Cert • Long term coordination with vendors (120+ days) • Improved SDLC • Awareness
47.
47 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Vendors Users • Use open technologies and standards (e.g., Bluetooth) • Adopt rolling codes and encryption • Protect the firmware • User maintenance! • Promote vendors adopting open technologies • Maintenance – Updates – Period change of secrets
48.
48 Copyright ©
2019 Trend Micro Incorporated. All rights reserved. Thanks! Questions? Contact: marco_balduzzi(at)trendmicro.com
Download now