Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. Similar to other embedded devices, PLCs are vulnerable to cyber attacks. Because they are used to control the physical processes of critical infrastructures, compromised PLCs constitute a significant security and safety risk.
In this paper, we investigate attacks against PLCs by introducing a specific type of attack that allows the adversary to stealthily manipulate the physical process a PLC controls by tampering with the device I/O at a low level. We implemented two variants of the attack, a rootkit and user-space malicious code, on a candidate PLC. This technical report edition does not include the design details of the rootkit or the user-space malicious software.
Our study is intended to serve as a basis for the design of more robust detection techniques tailored specifically to PLCs.
- Name: CTIT Technical Report Series
- Publisher: University of Twente, Centre for Telematics and Information Technology (CTIT)
- EC Grant Agreement nr.: FP7/607093