No VPN Needed? Cryptographic Attacks Against the OPC UA Protocol


OPC UA is a standardized communication protocol that is widely used in industrial automation and IoT. It is used within and between OT networks, as a bridge between IT and OT environments, and to connect field systems with the cloud. Traditionally, VPN tunnels are used to secure connections between OT trust zones (especially when those connections cross the internet), but a VPN is often considered unnecessary with OPC UA because the protocol provides its own cryptographic authentication and transport security layer.

This makes OPC UA a valuable target for attackers, because if they could hijack a (potentially internet-exposed) OPC UA server they might be able to wreak havoc on whatever industrial systems are controlled by it. Therefore, I decided to take a look at the cryptography used by the protocol, and whether any protocol-level flaws could be used to compromise implementations.

As a result, I managed to identify two protocol flaws that I could turn into practical authentication bypass attacks that worked against various implementations and configurations. These attacks involve signing oracles, signature spoofing padding oracles and turning “RSA-ECB” into a “timing side channel amplifier”.

In this talk, I will explore the protocols and the issues I identified, as well as the process of turning two theoretical crypto flaws into highly practical exploits.

By:
Tom Tervoort | Principal Security Specialist, Bureau Veritas Cybersecurity

Presentation Materials Available at:
https://blackhat.com/us-25/briefings/schedule/?#no-vpn-needed-cryptographic-attacks-against-the-opc-ua-protocol-44760