Ghost in the PLC: Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack

Ali Abbasi; Majid Hashemi

Ghost in the PLC: Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack

Ali Abbasi, Majid Hashemi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

73 Citations (Scopus)

443 Downloads (Pure)

Abstract

Input/Output is the mechanisms through which embedded systems interact and control the outside world. Particularly when employed in mission critical systems, the I/O of embedded systems has to be both reliable and secure. Embedded system’s I/O is controlled by a pin based approach. In this paper, we investigate the security implications of embedded system’s pin control. In particular, we show how an attacker can tamper with the integrity and availability of an embedded system’s I/O by exploiting cerain pin control operations and the lack of hardware interrupts associated to them.

Original language	Undefined
Title of host publication	Black Hat Europe
Place of Publication	United Kingdom
Publisher	Black Hat
Pages	1-35
Number of pages	35
ISBN (Print)	not assigned
Publication status	Published - 3 Nov 2016
Event	Black Hat Europe 2016 - London, UK Duration: 3 Nov 2016 → 4 Nov 2016

Publication series

Name
Publisher	Black Hat

Conference

Conference	Black Hat Europe 2016
Period	3/11/16 → 4/11/16
Other	3-4 November 2016

Keywords

SCS-Cybersecurity
PLC
Pin
SoC
EC Grant Agreement nr.: FP7/607093
IR-102383
Exploit
Attack
Rootkit
METIS-319497
EWI-27470

Access to Document

https://www.blackhat.com/docs/eu-16/materials/eu-16-Abbasi-Ghost-In-The-PLC-Designing-An-Undetectable-Programmable-Logic-Controller-Rootkit-wp.pdf

Cite this

@inproceedings{b5b5647faa9944f3b255fe8e586c7145,

title = "Ghost in the PLC: Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack",

abstract = "Input/Output is the mechanisms through which embedded systems interact and control the outside world. Particularly when employed in mission critical systems, the I/O of embedded systems has to be both reliable and secure. Embedded system{\textquoteright}s I/O is controlled by a pin based approach. In this paper, we investigate the security implications of embedded system{\textquoteright}s pin control. In particular, we show how an attacker can tamper with the integrity and availability of an embedded system{\textquoteright}s I/O by exploiting cerain pin control operations and the lack of hardware interrupts associated to them.",

keywords = "SCS-Cybersecurity, PLC, Pin, SoC, EC Grant Agreement nr.: FP7/607093, IR-102383, Exploit, Attack, Rootkit, METIS-319497, EWI-27470",

author = "Ali Abbasi and Majid Hashemi",

year = "2016",

month = nov,

day = "3",

language = "Undefined",

isbn = "not assigned",

publisher = "Black Hat",

pages = "1--35",

booktitle = "Black Hat Europe",

note = "Black Hat Europe 2016 ; Conference date: 03-11-2016 Through 04-11-2016",

}

Abbasi, A & Hashemi, M 2016, Ghost in the PLC: Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack. in Black Hat Europe. Black Hat, United Kingdom, pp. 1-35, Black Hat Europe 2016, 3/11/16. <https://www.blackhat.com/docs/eu-16/materials/eu-16-Abbasi-Ghost-In-The-PLC-Designing-An-Undetectable-Programmable-Logic-Controller-Rootkit-wp.pdf>

TY - GEN

T1 - Ghost in the PLC: Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack

AU - Abbasi, Ali

AU - Hashemi, Majid

PY - 2016/11/3

Y1 - 2016/11/3

N2 - Input/Output is the mechanisms through which embedded systems interact and control the outside world. Particularly when employed in mission critical systems, the I/O of embedded systems has to be both reliable and secure. Embedded system’s I/O is controlled by a pin based approach. In this paper, we investigate the security implications of embedded system’s pin control. In particular, we show how an attacker can tamper with the integrity and availability of an embedded system’s I/O by exploiting cerain pin control operations and the lack of hardware interrupts associated to them.

AB - Input/Output is the mechanisms through which embedded systems interact and control the outside world. Particularly when employed in mission critical systems, the I/O of embedded systems has to be both reliable and secure. Embedded system’s I/O is controlled by a pin based approach. In this paper, we investigate the security implications of embedded system’s pin control. In particular, we show how an attacker can tamper with the integrity and availability of an embedded system’s I/O by exploiting cerain pin control operations and the lack of hardware interrupts associated to them.

KW - SCS-Cybersecurity

KW - PLC

KW - Pin

KW - SoC

KW - EC Grant Agreement nr.: FP7/607093

KW - IR-102383

KW - Exploit

KW - Attack

KW - Rootkit

KW - METIS-319497

KW - EWI-27470

M3 - Conference contribution

SN - not assigned

SP - 1

EP - 35

BT - Black Hat Europe

PB - Black Hat

CY - United Kingdom

T2 - Black Hat Europe 2016

Y2 - 3 November 2016 through 4 November 2016

ER -