SlideShare a Scribd company logo

Industrial Remote Controllers Safety, Security, Vulnerabilities

Download as PPTX, PDF
Trend Micro
Trend Micro

Presentation by Dr. Marco Balduzzi from Hannover Messe 2019.

Technology
1 of 48
Industrial Remote Controllers Safety, Security, Vulnerabilities Dr. Marco Balduzzi Join work with J. Andersson, S. Hilt, P. Lin, F. Maggi, U. Akira, and R. Vosseler
2 Copyright © 2019 Trend Micro Incorporated. All rights reserved. CYBERCRIME TECHNOLOGY SOCIAL
3 Copyright © 2019 Trend Micro Incorporated. All rights reserved. CYBERCRIME
4 Copyright © 2019 Trend Micro Incorporated. All rights reserved. SOCIAL
5 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TECHNOLOGY
6 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Industrial Remote Controllers
7 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
8 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
9 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
10 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
11 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
12 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
13 Copyright © 2019 Trend Micro Incorporated. All rights reserved. How they operate?
14 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TRANSMITTER RECEIVER
15 Copyright © 2019 Trend Micro Incorporated. All rights reserved. RECEIVER ENGINE
16 Copyright © 2019 Trend Micro Incorporated. All rights reserved. FACTORY
17 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Preliminary on-site testing
18 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
19 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Software Defined Radio
20 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TW SAGA TW Juuko IT Autec IT ELCA TW Telecrane JP Circuit Design DE Hetronic International World-wide testing
21 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Record & Reply REPLYRECORD
22 Copyright © 2019 Trend Micro Incorporated. All rights reserved. What happened?
23 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
24 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TX RX MESSAGE 1 “UP”“UP”
25 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TX RX MESSAGE 1 MESSAGE 2 “UP” “UP”
26 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TX RX MESSAGE 1 MESSAGE 2 . . . . . . MESSAGE 100 “UP” “UP” MESSAGE 3
27 Copyright © 2019 Trend Micro Incorporated. All rights reserved. ALL messages are the same!
28 Copyright © 2019 Trend Micro Incorporated. All rights reserved. 1: Record & Replay Difficulty CostVendors ALL $$$$ ATTACKS
29 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Arbitrary Execution
30 Copyright © 2019 Trend Micro Incorporated. All rights reserved. 101010101010101010101010 1001001100001011 101000111011110 00001101 10100010 11110101…
31 Copyright © 2019 Trend Micro Incorporated. All rights reserved. SID CODE … CHECKSUM OF “UP” UP REVERSE ENGINEERING
32 Copyright © 2019 Trend Micro Incorporated. All rights reserved. SID CODE … CHECKSUM OF “E-STOP” COMMAND REPLACEMENT UP E-STOP
33 Copyright © 2019 Trend Micro Incorporated. All rights reserved. SID CODE … CHECKSUM OF “E-STOP” UP E-STOP DoS.. STOP OF PRODUCTION!
34 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Example of Analysis
35 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
36 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
37 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Reverse Engineering Logic Analyzer
38 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Reverse Engineering 00 01 10 11 RF Analysis
39 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Seq. ID [SID] [PAIRING_ID(4 bytes)] [SUM1] [0x00] [CMD] [0x000000] [SUM2] Cryptanalysis CMD
40 Copyright © 2019 Trend Micro Incorporated. All rights reserved. 1: Record & Replay 2: Command Injection 3: E-Stop Abuse 4: Malicious Re-pairing ALL $$$$ ALL $$$$ ALL PART $$$$ $$$$ OFF E-STOP E-STOP E-STOP DIFFICULTY COSTVENDORSATTACKS
41 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Long-Range Attacks
42 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TARGET REMOTE ATTACKER LOCAL BRIDGE $40
43 Copyright © 2019 Trend Micro Incorporated. All rights reserved. IIoT Malware • Clear-text password transmission • Unprotected firmware • “Hijackable” checksum • Backdoors
44 Copyright © 2019 Trend Micro Incorporated. All rights reserved. 1: Record & Replay 2: Command Injection 3: E-Stop Abuse 4: Malicious Re-pairing $$$$ $$$$ $$$$ $$$$ OFF E-STOP E-STOP E-STOP 5: Malicious Re-programming $$$$ DIFFICOLTY COSTVENDORSATTACKS ALL ALL ALL PART PART
45 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Conclusions
46 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Responsible Disclosure • 10 new vulnerabilities • TM’s Zero Day Initiative and ICS-Cert • Long term coordination with vendors (120+ days) • Improved SDLC • Awareness
47 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Vendors Users • Use open technologies and standards (e.g., Bluetooth) • Adopt rolling codes and encryption • Protect the firmware • User maintenance! • Promote vendors adopting open technologies • Maintenance – Updates – Period change of secrets
48 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Thanks! Questions? Contact: marco_balduzzi(at)trendmicro.com

Recommended

Net2Vec: Deep Learning for 5G Network Security
Net2Vec: Deep Learning for 5G Network SecurityNet2Vec: Deep Learning for 5G Network Security
Net2Vec: Deep Learning for 5G Network SecurityBig Data Value Association
 
VU ICT4D symposium 2017 Francis Dittoh Mr. Meteo
VU ICT4D symposium 2017 Francis Dittoh Mr. MeteoVU ICT4D symposium 2017 Francis Dittoh Mr. Meteo
VU ICT4D symposium 2017 Francis Dittoh Mr. MeteoVictor de Boer
 
Business innovation rick huijbregts 16oct2013
Business innovation rick huijbregts 16oct2013Business innovation rick huijbregts 16oct2013
Business innovation rick huijbregts 16oct2013Rick Huijbregts
 
Thinxtra, Sigfox and Xamarin
Thinxtra, Sigfox and XamarinThinxtra, Sigfox and Xamarin
Thinxtra, Sigfox and XamarinRod Hemphill
 
State of the Technology
State of the TechnologyState of the Technology
State of the TechnologyNFC Forum
 
02. R U Sure U R Secure
02. R U Sure U R Secure02. R U Sure U R Secure
02. R U Sure U R SecureDirectorate of Information Security | Ditjen Aptika
 
Mindray product cheat sheet 2017
Mindray product cheat sheet 2017Mindray product cheat sheet 2017
Mindray product cheat sheet 2017Mike Wanjek
 
New Features Coming to Android O
New Features Coming to Android ONew Features Coming to Android O
New Features Coming to Android OKeyideas Infotech Private Limited
 

Recommended

Net2Vec: Deep Learning for 5G Network Security
Net2Vec: Deep Learning for 5G Network SecurityNet2Vec: Deep Learning for 5G Network Security
Net2Vec: Deep Learning for 5G Network SecurityBig Data Value Association
 
VU ICT4D symposium 2017 Francis Dittoh Mr. Meteo
VU ICT4D symposium 2017 Francis Dittoh Mr. MeteoVU ICT4D symposium 2017 Francis Dittoh Mr. Meteo
VU ICT4D symposium 2017 Francis Dittoh Mr. MeteoVictor de Boer
 
Business innovation rick huijbregts 16oct2013
Business innovation rick huijbregts 16oct2013Business innovation rick huijbregts 16oct2013
Business innovation rick huijbregts 16oct2013Rick Huijbregts
 
Thinxtra, Sigfox and Xamarin
Thinxtra, Sigfox and XamarinThinxtra, Sigfox and Xamarin
Thinxtra, Sigfox and XamarinRod Hemphill
 
State of the Technology
State of the TechnologyState of the Technology
State of the TechnologyNFC Forum
 
02. R U Sure U R Secure
02. R U Sure U R Secure02. R U Sure U R Secure
02. R U Sure U R SecureDirectorate of Information Security | Ditjen Aptika
 
Mindray product cheat sheet 2017
Mindray product cheat sheet 2017Mindray product cheat sheet 2017
Mindray product cheat sheet 2017Mike Wanjek
 
New Features Coming to Android O
New Features Coming to Android ONew Features Coming to Android O
New Features Coming to Android OKeyideas Infotech Private Limited
 
IRJET- Cyber Attacks on Smart Cars using SDR
IRJET- Cyber Attacks on Smart Cars using SDRIRJET- Cyber Attacks on Smart Cars using SDR
IRJET- Cyber Attacks on Smart Cars using SDRIRJET Journal
 
Three Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and EngineeringThree Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and EngineeringWaterfall Security Solutions
 
CCET-GBC Fueling Innovation for Construction and Real Estate with IoE
CCET-GBC Fueling Innovation for Construction and Real Estate with IoECCET-GBC Fueling Innovation for Construction and Real Estate with IoE
CCET-GBC Fueling Innovation for Construction and Real Estate with IoERick Huijbregts
 
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...African Cyber Security Summit
 
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...BlueHat Security Conference
 
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseDDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseNETSCOUT
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
Smau milano 2013 lorenzo fava
Smau milano 2013 lorenzo favaSmau milano 2013 lorenzo fava
Smau milano 2013 lorenzo favaSMAU
 
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...44CON
 
Having Fun With RFID
Having Fun With RFIDHaving Fun With RFID
Having Fun With RFIDFathi Kamil Mohad Zainuddin
 
Carrier ID: Are You Ready to Turn Carrier ID On?
Carrier ID: Are You Ready to Turn Carrier ID On?Carrier ID: Are You Ready to Turn Carrier ID On?
Carrier ID: Are You Ready to Turn Carrier ID On?Newtec
 
Trend Micro Solutions Overview
Trend Micro Solutions OverviewTrend Micro Solutions Overview
Trend Micro Solutions OverviewJohn D. Haden
 
PRESENTATION-GIANT
PRESENTATION-GIANTPRESENTATION-GIANT
PRESENTATION-GIANTDinos Volidis
 
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...AppDynamics
 
Industrial Cyber Security - EVF 2019 Alexandre Darcherif
Industrial Cyber Security - EVF 2019 Alexandre DarcherifIndustrial Cyber Security - EVF 2019 Alexandre Darcherif
Industrial Cyber Security - EVF 2019 Alexandre DarcherifAlexandre Darcherif
 
PICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdfPICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdfasconindia
 
Global-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data HavenGlobal-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data HavenTWD Industries AG
 
Meet the New VxWorks (Sep.2019)
Meet the New VxWorks (Sep.2019)Meet the New VxWorks (Sep.2019)
Meet the New VxWorks (Sep.2019)Wind River
 
Transforming the world with Information technology
Transforming the world with Information technologyTransforming the world with Information technology
Transforming the world with Information technologyGlenn Klith Andersen
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeInvestigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeTrend Micro
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Trend Micro
 

More Related Content

Similar to Industrial Remote Controllers Safety, Security, Vulnerabilities

IRJET- Cyber Attacks on Smart Cars using SDR
IRJET- Cyber Attacks on Smart Cars using SDRIRJET- Cyber Attacks on Smart Cars using SDR
IRJET- Cyber Attacks on Smart Cars using SDRIRJET Journal
 
Three Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and EngineeringThree Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and EngineeringWaterfall Security Solutions
 
CCET-GBC Fueling Innovation for Construction and Real Estate with IoE
CCET-GBC Fueling Innovation for Construction and Real Estate with IoECCET-GBC Fueling Innovation for Construction and Real Estate with IoE
CCET-GBC Fueling Innovation for Construction and Real Estate with IoERick Huijbregts
 
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...African Cyber Security Summit
 
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...BlueHat Security Conference
 
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseDDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseNETSCOUT
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
Smau milano 2013 lorenzo fava
Smau milano 2013 lorenzo favaSmau milano 2013 lorenzo fava
Smau milano 2013 lorenzo favaSMAU
 
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...44CON
 
Carrier ID: Are You Ready to Turn Carrier ID On?
Carrier ID: Are You Ready to Turn Carrier ID On?Carrier ID: Are You Ready to Turn Carrier ID On?
Carrier ID: Are You Ready to Turn Carrier ID On?Newtec
 
Trend Micro Solutions Overview
Trend Micro Solutions OverviewTrend Micro Solutions Overview
Trend Micro Solutions OverviewJohn D. Haden
 
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...AppDynamics
 
Industrial Cyber Security - EVF 2019 Alexandre Darcherif
Industrial Cyber Security - EVF 2019 Alexandre DarcherifIndustrial Cyber Security - EVF 2019 Alexandre Darcherif
Industrial Cyber Security - EVF 2019 Alexandre DarcherifAlexandre Darcherif
 
PICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdfPICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdfasconindia
 
Global-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data HavenGlobal-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data HavenTWD Industries AG
 
Meet the New VxWorks (Sep.2019)
Meet the New VxWorks (Sep.2019)Meet the New VxWorks (Sep.2019)
Meet the New VxWorks (Sep.2019)Wind River
 
Transforming the world with Information technology
Transforming the world with Information technologyTransforming the world with Information technology
Transforming the world with Information technologyGlenn Klith Andersen
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 

Similar to Industrial Remote Controllers Safety, Security, Vulnerabilities (20)

IRJET- Cyber Attacks on Smart Cars using SDR
IRJET- Cyber Attacks on Smart Cars using SDRIRJET- Cyber Attacks on Smart Cars using SDR
IRJET- Cyber Attacks on Smart Cars using SDR
 
Three Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and EngineeringThree Networks, Different Risks - IT, OT and Engineering
Three Networks, Different Risks - IT, OT and Engineering
 
CCET-GBC Fueling Innovation for Construction and Real Estate with IoE
CCET-GBC Fueling Innovation for Construction and Real Estate with IoECCET-GBC Fueling Innovation for Construction and Real Estate with IoE
CCET-GBC Fueling Innovation for Construction and Real Estate with IoE
 
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
 
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
 
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseDDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in Defense
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
Smau milano 2013 lorenzo fava
Smau milano 2013 lorenzo favaSmau milano 2013 lorenzo fava
Smau milano 2013 lorenzo fava
 
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
 
Having Fun With RFID
Having Fun With RFIDHaving Fun With RFID
Having Fun With RFID
 
Carrier ID: Are You Ready to Turn Carrier ID On?
Carrier ID: Are You Ready to Turn Carrier ID On?Carrier ID: Are You Ready to Turn Carrier ID On?
Carrier ID: Are You Ready to Turn Carrier ID On?
 
Trend Micro Solutions Overview
Trend Micro Solutions OverviewTrend Micro Solutions Overview
Trend Micro Solutions Overview
 
PRESENTATION-GIANT
PRESENTATION-GIANTPRESENTATION-GIANT
PRESENTATION-GIANT
 
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
Ensure Every Customer Matters With End User Monitoring at AppD Global Tour Lo...
 
Industrial Cyber Security - EVF 2019 Alexandre Darcherif
Industrial Cyber Security - EVF 2019 Alexandre DarcherifIndustrial Cyber Security - EVF 2019 Alexandre Darcherif
Industrial Cyber Security - EVF 2019 Alexandre Darcherif
 
PICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdfPICDEM2PlusUserGuide.pdf
PICDEM2PlusUserGuide.pdf
 
Global-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data HavenGlobal-WAN - The Swiss Neutral Data Haven
Global-WAN - The Swiss Neutral Data Haven
 
Meet the New VxWorks (Sep.2019)
Meet the New VxWorks (Sep.2019)Meet the New VxWorks (Sep.2019)
Meet the New VxWorks (Sep.2019)
 
Transforming the world with Information technology
Transforming the world with Information technologyTransforming the world with Information technology
Transforming the world with Information technology
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
 

More from Trend Micro

Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeInvestigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeTrend Micro
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Trend Micro
 
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Trend Micro
 
Skip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSSkip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSTrend Micro
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Trend Micro
 
Mobile Telephony Threats in Asia
Mobile Telephony Threats in AsiaMobile Telephony Threats in Asia
Mobile Telephony Threats in AsiaTrend Micro
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep WebTrend Micro
 
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)Trend Micro
 
HBR APT framework
HBR APT frameworkHBR APT framework
HBR APT frameworkTrend Micro
 
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsCaptain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsTrend Micro
 
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryTrend Micro
 
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksTrend Micro
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Trend Micro
 
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest TexasTrend Micro
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
 
Threat predictions 2011
Threat predictions 2011 Threat predictions 2011
Threat predictions 2011 Trend Micro
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryAssuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryTrend Micro
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 

More from Trend Micro (20)

Investigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at LargeInvestigating Web Defacement Campaigns at Large
Investigating Web Defacement Campaigns at Large
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
 
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
Automated Security for the Real-time Enterprise with VMware NSX and Trend Mic...
 
Skip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWSSkip the Security Slow Lane with VMware Cloud on AWS
Skip the Security Slow Lane with VMware Cloud on AWS
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
 
Mobile Telephony Threats in Asia
Mobile Telephony Threats in AsiaMobile Telephony Threats in Asia
Mobile Telephony Threats in Asia
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep Web
 
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed: New vulnerabilities and attacks. (HITB AMS 2014)
 
HBR APT framework
HBR APT frameworkHBR APT framework
HBR APT framework
 
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking SystemsCaptain, Where Is Your Ship – Compromising Vessel Tracking Systems
Captain, Where Is Your Ship – Compromising Vessel Tracking Systems
 
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep Discovery
 
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted Attacks
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012
 
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas[Case Study ~ 2011] Baptist Hospitals of Southest Texas
[Case Study ~ 2011] Baptist Hospitals of Southest Texas
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
 
Threat predictions 2011
Threat predictions 2011 Threat predictions 2011
Threat predictions 2011
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep security
 
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryAssuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
 

Recently uploaded

Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 

Recently uploaded (20)

Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 

Industrial Remote Controllers Safety, Security, Vulnerabilities

  • 1. Industrial Remote Controllers Safety, Security, Vulnerabilities Dr. Marco Balduzzi Join work with J. Andersson, S. Hilt, P. Lin, F. Maggi, U. Akira, and R. Vosseler
  • 2. 2 Copyright © 2019 Trend Micro Incorporated. All rights reserved. CYBERCRIME TECHNOLOGY SOCIAL
  • 3. 3 Copyright © 2019 Trend Micro Incorporated. All rights reserved. CYBERCRIME
  • 4. 4 Copyright © 2019 Trend Micro Incorporated. All rights reserved. SOCIAL
  • 5. 5 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TECHNOLOGY
  • 6. 6 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Industrial Remote Controllers
  • 7. 7 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
  • 8. 8 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
  • 9. 9 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
  • 10. 10 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
  • 11. 11 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
  • 12. 12 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
  • 13. 13 Copyright © 2019 Trend Micro Incorporated. All rights reserved. How they operate?
  • 14. 14 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TRANSMITTER RECEIVER
  • 15. 15 Copyright © 2019 Trend Micro Incorporated. All rights reserved. RECEIVER ENGINE
  • 16. 16 Copyright © 2019 Trend Micro Incorporated. All rights reserved. FACTORY
  • 17. 17 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Preliminary on-site testing
  • 18. 18 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
  • 19. 19 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Software Defined Radio
  • 20. 20 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TW SAGA TW Juuko IT Autec IT ELCA TW Telecrane JP Circuit Design DE Hetronic International World-wide testing
  • 21. 21 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Record & Reply REPLYRECORD
  • 22. 22 Copyright © 2019 Trend Micro Incorporated. All rights reserved. What happened?
  • 23. 23 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
  • 24. 24 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TX RX MESSAGE 1 “UP”“UP”
  • 25. 25 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TX RX MESSAGE 1 MESSAGE 2 “UP” “UP”
  • 26. 26 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TX RX MESSAGE 1 MESSAGE 2 . . . . . . MESSAGE 100 “UP” “UP” MESSAGE 3
  • 27. 27 Copyright © 2019 Trend Micro Incorporated. All rights reserved. ALL messages are the same!
  • 28. 28 Copyright © 2019 Trend Micro Incorporated. All rights reserved. 1: Record & Replay Difficulty CostVendors ALL $$$$ ATTACKS
  • 29. 29 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Arbitrary Execution
  • 30. 30 Copyright © 2019 Trend Micro Incorporated. All rights reserved. 101010101010101010101010 1001001100001011 101000111011110 00001101 10100010 11110101…
  • 31. 31 Copyright © 2019 Trend Micro Incorporated. All rights reserved. SID CODE … CHECKSUM OF “UP” UP REVERSE ENGINEERING
  • 32. 32 Copyright © 2019 Trend Micro Incorporated. All rights reserved. SID CODE … CHECKSUM OF “E-STOP” COMMAND REPLACEMENT UP E-STOP
  • 33. 33 Copyright © 2019 Trend Micro Incorporated. All rights reserved. SID CODE … CHECKSUM OF “E-STOP” UP E-STOP DoS.. STOP OF PRODUCTION!
  • 34. 34 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Example of Analysis
  • 35. 35 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
  • 36. 36 Copyright © 2019 Trend Micro Incorporated. All rights reserved.
  • 37. 37 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Reverse Engineering Logic Analyzer
  • 38. 38 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Reverse Engineering 00 01 10 11 RF Analysis
  • 39. 39 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Seq. ID [SID] [PAIRING_ID(4 bytes)] [SUM1] [0x00] [CMD] [0x000000] [SUM2] Cryptanalysis CMD
  • 40. 40 Copyright © 2019 Trend Micro Incorporated. All rights reserved. 1: Record & Replay 2: Command Injection 3: E-Stop Abuse 4: Malicious Re-pairing ALL $$$$ ALL $$$$ ALL PART $$$$ $$$$ OFF E-STOP E-STOP E-STOP DIFFICULTY COSTVENDORSATTACKS
  • 41. 41 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Long-Range Attacks
  • 42. 42 Copyright © 2019 Trend Micro Incorporated. All rights reserved. TARGET REMOTE ATTACKER LOCAL BRIDGE $40
  • 43. 43 Copyright © 2019 Trend Micro Incorporated. All rights reserved. IIoT Malware • Clear-text password transmission • Unprotected firmware • “Hijackable” checksum • Backdoors
  • 44. 44 Copyright © 2019 Trend Micro Incorporated. All rights reserved. 1: Record & Replay 2: Command Injection 3: E-Stop Abuse 4: Malicious Re-pairing $$$$ $$$$ $$$$ $$$$ OFF E-STOP E-STOP E-STOP 5: Malicious Re-programming $$$$ DIFFICOLTY COSTVENDORSATTACKS ALL ALL ALL PART PART
  • 45. 45 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Conclusions
  • 46. 46 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Responsible Disclosure • 10 new vulnerabilities • TM’s Zero Day Initiative and ICS-Cert • Long term coordination with vendors (120+ days) • Improved SDLC • Awareness
  • 47. 47 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Vendors Users • Use open technologies and standards (e.g., Bluetooth) • Adopt rolling codes and encryption • Protect the firmware • User maintenance! • Promote vendors adopting open technologies • Maintenance – Updates – Period change of secrets
  • 48. 48 Copyright © 2019 Trend Micro Incorporated. All rights reserved. Thanks! Questions? Contact: marco_balduzzi(at)trendmicro.com