On this episode of the Nexus Podcast, Alon Dankner of the Technion (Israel Institute of Technology) explains his research into the Siemens S7 protocol and PLCs. A severe vulnerability uncovered during the research, combined with a configuration error, allows an attacker to expose and steal the PLC's private cryptographic keys.
Operational Technology

Nexus Podcast: Alon Dankner on Extracting Private Crypto Keys from PLCs

Michael Mimoso
Aug 21, 2024

At the recent Black Hat conference in Las Vegas, Alon Dankner and Nadav Adir of the Technion, Israel Institute of Technology, in Haifa, Israel, delivered a presentation that demonstrated a half-dozen attacks against programmable logic controllers.

The attacks focused on Siemens’ proprietary S7 protocol and PLCs, and ultimately exposed the cryptographic keys protecting the integrity of the instructions and other data downloaded to and uploaded from the PLC. 

On this episode of the Nexus Podcast, Dankner joins to cover his and Adir's work, which uncovered a vulnerability in how the PLCs are configured that puts their private keys at risk. They developed six attacks to exploit the design flaws they uncovered in the PLCs.


"Our attacks exploited the key management, the public key infrastructure, of the protocol which was implemented by Siemens," Dankner said. "TLS is a standard protocol and it requires certificates but managing these certificates is an issue in all of these systems. There are requirements you must consider and adapt your security to those requirements."

One of the attacks involved a rogue workstation client that communicates with the PLC and exploits a design flaw in which the PLC sends an encrypted copy of its private key over the wire, something a device should never do: a private key that leaves the device is only as safe as the traffic that carries it and the secret that wraps it.

The researchers also developed a man-in-the-middle attack that uses the stolen key to manipulate programs downloaded to the PLC. Similar to some of the behaviors exhibited in the Stuxnet attack and in separate Team82 research into Siemens PLCs, the malicious code gives an attacker complete control over the process managed by the PLC. The operator, however, is presented with a false picture of the true state of the PLC. 

A separate attack, meanwhile, exploits an issue in how keys are provisioned from Siemens' TIA Portal engineering client to the PLC, allowing an attacker to steal both the keys and the passwords protecting them.
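The three attacks above share one root cause: a private key that is allowed to travel over the network, even wrapped under a password, is only as safe as the captured traffic and the password. The following Go sketch is an added illustration, not code from the researchers or from Siemens, and it models nothing of the S7 protocol itself; the Device, Report and ExportPrivateKey names, the use of Ed25519 for the device key, the "valve" state messages, and the SHA-256 password wrapping are all assumptions chosen to keep the example self-contained. It shows that an on-path attacker who merely alters traffic is rejected by the signature check, but that once the wrapped key has been captured together with its password, a forged report (the "false picture" of the process) verifies exactly like a genuine one, while a device that never exports its key gives the attacker nothing to work with.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device is a stand-in (assumption) for a controller that signs the state reports an
// engineering workstation relies on. Exportable=true models the flawed design in which
// the private key can be requested over the network; false models a key that never leaves.
type Device struct {
	Pub        ed25519.PublicKey
	priv       ed25519.PrivateKey
	Exportable bool
}

func NewDevice(exportable bool) *Device {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{Pub: pub, priv: priv, Exportable: exportable}
}

// Report is a message from the device plus its signature over that message.
type Report struct{ Msg, Sig []byte }

func (d *Device) Sign(msg []byte) Report { return Report{msg, ed25519.Sign(d.priv, msg)} }

// VerifyReport is the workstation-side check against the device's pinned public key.
func VerifyReport(pub ed25519.PublicKey, r Report) bool { return ed25519.Verify(pub, r.Msg, r.Sig) }

// ModifyInTransit models an on-path attacker with no key: payload changed, old signature kept.
func ModifyInTransit(r Report, newMsg []byte) Report { return Report{newMsg, r.Sig} }

// gcmFor derives the wrapping key from the password. Plain SHA-256 is a modelling
// shortcut (assumption), not a recommendation; a real design would use a slow KDF.
func gcmFor(password string) (cipher.AEAD, error) {
	k := sha256.Sum256([]byte(password))
	block, err := aes.NewCipher(k[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func sealWithPassword(password string, pt []byte) ([]byte, error) {
	gcm, err := gcmFor(password)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, pt, nil), nil // nonce || ciphertext || tag
}

func openWithPassword(password string, blob []byte) ([]byte, error) {
	gcm, err := gcmFor(password)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, errors.New("bad password-wrapped blob")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// ExportPrivateKey is the flawed handler: a password-wrapped copy of the private key is
// handed to whoever asks over the network. The hardened device simply refuses.
func (d *Device) ExportPrivateKey(password string) ([]byte, error) {
	if !d.Exportable {
		return nil, errors.New("private key is not exportable")
	}
	return sealWithPassword(password, d.priv)
}

// ForgeReport is the attacker: with the captured blob and the password, recover the key
// and sign any message the operator's workstation will then accept as genuine.
func ForgeReport(blob []byte, password string, msg []byte) (Report, error) {
	keyBytes, err := openWithPassword(password, blob)
	if err != nil {
		return Report{}, err
	}
	if len(keyBytes) != ed25519.PrivateKeySize {
		return Report{}, errors.New("recovered data is not an Ed25519 private key")
	}
	return Report{msg, ed25519.Sign(ed25519.PrivateKey(keyBytes), msg)}, nil
}

// Scenario runs the exchange for one design and reports whether the workstation
// accepted a forged state report. Any failure along the way is returned as an error.
func Scenario(exportable bool, password, attackerPassword string) (bool, error) {
	dev := NewDevice(exportable)
	genuine := dev.Sign([]byte("valve=OPEN")) // constructed sample state message
	if !VerifyReport(dev.Pub, genuine) {
		return false, errors.New("genuine report failed to verify")
	}
	if VerifyReport(dev.Pub, ModifyInTransit(genuine, []byte("valve=CLOSED"))) {
		return false, errors.New("tampering without the key must be rejected")
	}
	blob, err := dev.ExportPrivateKey(password)
	if err != nil {
		return false, err
	}
	forged, err := ForgeReport(blob, attackerPassword, []byte("valve=CLOSED"))
	if err != nil {
		return false, err
	}
	return VerifyReport(dev.Pub, forged), nil
}

func main() {
	for _, exportable := range []bool{true, false} {
		ok, err := Scenario(exportable, "maint123", "maint123")
		fmt.Printf("exportable=%v forged report accepted=%v err=%v\n", exportable, ok, err)
	}
}
```

The check that matters in practice is the second branch of Scenario: the hardened device fails at ExportPrivateKey, so there is no blob for the attacker to open, whatever the password. Wrapping the key under a password only moves the problem to the strength and secrecy of that password, which is exactly what the provisioning attack targets.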

"Our attacks exploited the fact that the S7 protocol moved keys around between devices over the network," he said. "As attackers, we show that we can exploit these provisioning processes to retrieve private keys. It's something that I really doubt you'll see in the IT world. An SQL Server would never give you a private key."

Dankner also covers how Siemens worked with the researchers on mitigations for these attacks.


Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.
