BlackHat Report from the Field Day One:

Industrial Defender’s Jacob Kitchel is on the ground attending BlackHat 2012. From the Las Vegas heat he’s interpreting sessions and research that relate to automation system and industrial control system operations.

 

BH Session: GHz or Bust

Researchers demonstrate sub-GHz radio is no longer a barrier to security testing

Researchers at the annual Blackhat USA security conference in Las Vegas demonstrated that sub-GHz hardware and wireless technology, which has traditionally been unreachable, is now within reach. As part of a technical workshop offered at the conference, a researcher, who goes by the name “Atlas”, demonstrated and led a room of like-minded security researchers on how to utilize a USB dongle along with some custom-written firmware to explore and experiment with sub-GHz radio frequencies. These radio frequencies are increasingly common in embedded devices such as medical devices, manufacturing systems, industrial systems, cell phones, and power systems.

Traditionally, the exploration of these systems has presented a high barrier to entry to all but the most informed engineers and designers of wireless systems. As time moved on, software security researchers have expanded their skills and interests into electronic hardware and the areas where the two skillsets intersect. Those interests, skills, new technology, and the pervasiveness of wireless communication led them to explore the airwaves.

The USB dongle, the cc1111, is readily available for about $50 and the accompanying software project, rfcat, is available in an online repository hosted by the presenting researcher.

Relevance to Industrial Defender customers and beyond:

With a strong industry focus on security and compliance of traditional cyber assets, this research presents an additional area that companies will need to begin exploring and evaluating. Many of these wireless devices exist and operate without much thought – they just work. The research and demonstrations have worked to pull back the veil on the magical world of radio signals and enable researchers and attackers to probe and test these devices for security vulnerabilities.

Two of the researchers in the workshop, Nathan Keltner and Kevin Finisterre of Accuvant Labs, called the rfcat and cc1111 combination a “Swiss Army knife” for assessing products using sub-GHz wireless frequencies. “GnuRadio and USRPs are great tools but they’re also kind of bulky and can be overkill,” said Finisterre. The rfcat and cc1111 combination will lower the barrier to listening to and transmitting on arbitrary wireless frequencies and allow researchers to spend more time assessing security as opposed to overcoming implementation hurdles. “It’s important to leverage readily available and approachable tools,” said Keltner.

 

BH Session: Looking into the Eye of the Meter

Smart Meter deployments suffer from insecure deployment

Smart meter deployments suffer from insecure deployment and are vulnerable to attack through on-device optical ports, said security researcher Don C. Weber of the security assessment firm InGuardians, Inc. These vulnerabilities threaten the security and privacy of the utilities and consumers who have smart meters.

Presenting at the Blackhat USA security conference, Weber outlined his employer’s approach to assessing smart meters which led to the creation of his software tool, OptiGuard, which can be used to assess a smart meter’s security through the optical port on the front of the meter.

Smart meter optical ports have been in the news before. In April, 2012, Brian Krebs reported that the FBI published an intelligence bulletin outlining an attack on a Puerto Rico-based utility. In the attack, the FBI believes, former employees of the utility utilized the optical ports to modify meters in exchange for payment.

Relevance to Industrial Defender customers and smart meter operators: New Attack Scenarios

Weber’s initial research evaluated the internal, electronic security of a smart meter to gain crucial insight into its operation. He was then able to translate that hard-earned knowledge into general, flexible tools that could communicate with smart meters from the outside. This process was important in turning the security knowledge into an attack scenario which could affect utilities and consumers.

Originally scheduled to be presented in 2011, Weber’s talk was initially pulled from another conference’s proceedings at the request of concerned vendors. Weber and his employer worked with the concerned vendors to share his research and software to raise awareness of the smart meter security issues.

Weber plans on continuing his research and extending it to apply to the other various network interfaces present in smart meters. “As vendors and utilities begin to secure their meters, we’ll work to verify that security and continue on to assess the other network capabilities present,” said Weber.
