Time bomb: Industrial web interfaces are becoming a new target for hackers

How hacking a PLC can lead to a disaster with real human casualties.

Scientists from the Georgia Institute of Technology have presented a new method for developing malware for programmable logic controllers (PLCs) that turns out to be much more flexible, stable and impactful than any current solution.

This scheme allows malware to covertly attack real hardware using legitimate web application interfaces provided by the administrative portal.

Such attacks include tampering with sensor readings, disabling safety signals, and manipulating physical actuators. The study showed that the proposed attack is relevant to any PLC made by the major manufacturers.

This approach has significant advantages over existing methods of attacking PLCs, such as platform independence, ease of deployment, and higher levels of resilience.

"While previous attacks on PLCs have infected either control logic or firmware, our malware infects exclusively web applications hosted on embedded web servers in PLCs," the researchers said.

"We believe that this is a completely new class of PLC malware that has yet to be investigated. We call it web-based malware," Ryan Pickren, a graduate student in the Department of Electrical and Computer Engineering at the Georgia Institute of Technology, said in a press statement.

The researchers also explained that the very emergence of web technologies in industrial control systems introduces completely new security issues that no one even thought about before.

"Depending on how much the PLC controls the production process, our attack could potentially lead to catastrophic incidents or even loss of life," the researchers report.

The developed approach is much easier to deploy than typical attacks on industrial or infrastructure systems, which usually require some level of access or physical presence.

In addition, the use of web interfaces makes it very difficult to detect an attack and even allows hackers to erase all traces of their presence. Malware can also self-repair if operators decide to reset controllers or replace equipment due to an identified failure.

The researchers also offered several recommendations for protecting against web-based malware for PLCs, including steps browser developers can take to prevent public websites from reaching private networks, and changes to the architecture of web servers. They also outlined the steps that PLC manufacturers themselves can take to protect their devices from this new type of attack.

"We need to review the architectures, protocols, deployment that we have in place: how can we make them more secure without giving up the benefits that web interaction gives us," said study co-author Saman Zonouz.

"The Internet is a huge field for attacks, but this does not mean that we should turn off the Internet. This means that we need to make it more secure. The same is true for industrial PLCs," the researchers concluded.
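The recommendations above about keeping public websites out of private networks and hardening the web server can be approximated today with a filtering gateway in front of the PLC's web interface. The following is an added example, not code from the researchers or from any PLC vendor; the hostnames are constructed placeholders, and the header names come from the browsers' Private Network Access proposal and Fetch Metadata.

```python
# Added example: allow/deny decision for a gateway in front of a PLC web UI.
# Hostnames and origins are constructed placeholders, not real systems.
ALLOWED_HOSTS = {"plc-hmi.plant.example"}
ALLOWED_ORIGINS = {"https://plc-hmi.plant.example"}


def decide(method, headers):
    """Return (status, reason); status 200 means forward the request to the PLC."""
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # An unexpected Host value means the browser reached this address under
    # another name, which is what a DNS-rebinding page would produce.
    host = h.get("host", "").lower().split(":")[0]
    if host not in ALLOWED_HOSTS:
        return 400, "unexpected Host header"

    # Browsers attach Origin to cross-origin and state-changing requests.
    # Anything not on the allowlist (including the literal "null") is refused.
    origin = h.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        # Private Network Access preflight: a public page asking permission to
        # talk to a private address. Refusing it makes the browser drop the call.
        if method == "OPTIONS" and h.get("access-control-request-private-network") == "true":
            return 403, "private-network preflight from foreign origin"
        return 403, "cross-origin request"

    # Fetch Metadata: the browser's own statement about the request context.
    if h.get("sec-fetch-site") == "cross-site":
        return 403, "browser reports cross-site context"

    return 200, "forward"


def run_samples():
    """Evaluate a few constructed requests and return their status codes."""
    good = "plc-hmi.plant.example"
    samples = [
        ("GET", {"Host": good, "Origin": "https://plc-hmi.plant.example"}),
        ("POST", {"Host": good, "Origin": "https://news.example"}),
        ("OPTIONS", {"Host": good, "Origin": "https://news.example",
                     "Access-Control-Request-Private-Network": "true"}),
        ("GET", {"Host": "rebind.attacker.example"}),
        ("GET", {"Host": good + ":8443", "Sec-Fetch-Site": "cross-site"}),
    ]
    return [decide(m, hdrs)[0] for m, hdrs in samples]
```

Requests from non-browser tools carry neither `Origin` nor `Sec-Fetch-Site` and pass this filter, so it complements authentication on the PLC rather than replacing it.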
 