Ghost in the PLC: Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack

Ali Abbasi, Majid Hashemi

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-review

    73 Citations (Scopus)
    443 Downloads (Pure)


    Input/Output is the mechanism through which embedded systems interact with and control the outside world. Particularly when employed in mission-critical systems, the I/O of embedded systems has to be both reliable and secure. An embedded system's I/O is controlled by a pin-based approach. In this paper, we investigate the security implications of embedded systems' pin control. In particular, we show how an attacker can tamper with the integrity and availability of an embedded system's I/O by exploiting certain pin control operations and the lack of hardware interrupts associated with them.
    Original language: Undefined
    Title of host publication: Black Hat Europe
    Place of Publication: United Kingdom
    Publisher: Black Hat
    Number of pages: 35
    ISBN (Print): not assigned
    Publication status: Published - 3 Nov 2016
    Event: Black Hat Europe 2016 - London, UK
    Duration: 3 Nov 2016 to 4 Nov 2016

    Publication series

    Publisher: Black Hat


    Conference: Black Hat Europe 2016
    Other: 3-4 November 2016


    • SCS-Cybersecurity
    • PLC
    • Pin
    • SoC
    • EC Grant Agreement nr.: FP7/607093
    • IR-102383
    • Exploit
    • Attack
    • Rootkit
    • METIS-319497
    • EWI-27470
