Nope, S7ill Not Secure: Stealing Private Keys From S7 PLCs


Industrial Control Systems (ICS) are vital to modern life, ensuring the reliable and continuous operation of critical infrastructure. Recent years have seen a growing trend within ICS towards adopting encryption and strong(er) authentication in its protocols. The latest versions of the Siemens S7 protocol, used by the S7 PLCs, are secured with TLS 1.3 to address weaknesses in earlier protocol versions. For example, previous studies presented a rogue client that could send PLC commands. Those attacks could only forge client messages, because they had no access to the hardcoded PLC private key (shared between PLCs) and so could impersonate a client but not the PLC itself. That private key was eventually leaked, and in response, new S7 PLC versions carry unique TLS keys. To date, nobody has been able to retrieve the private keys from the new PLC versions.

This talk presents six attacks against the new S7 PLCs. After reverse engineering the protocol, we found a severe vulnerability in the PLC configuration that exposes the private key. We exploit this protocol design flaw in several attacks, including:
– A rogue client that steals the PLC private key, by politely asking the PLC itself over the network.
– A man-in-the-middle attack that leverages the extracted key. It allows the attacker to inject a malicious PLC program while reporting a healthy-looking state of the process to the operators, reincarnating the OT features of Stuxnet on the SIMATIC product line’s newest version.
– Stealing keys and passwords from a legitimate key-provisioning exchange between the client and the PLC.

The combination of the presented attacks constitutes a powerful attack toolset, allowing a complete takeover of the process control infrastructure while hiding the attack from the operators. The impact of this study is far-reaching, as it shows an immediate threat to ICS customers, demonstrating the insecurity of Siemens' latest and most secure PLC product line against motivated threat actors.

By:
Nadav Adir | B.Sc. Student, Technion
Alon Dankner | Security Researcher, Technion
Eli Biham | Professor, Technion
Sara Bitan | Senior Researcher, Technion
Ron Freudenthal | Security Researcher, Technion
Or Keret | M.Sc. Student, Technion

Full Abstract and Presentation Materials (Black Hat USA 2024):
https://www.blackhat.com/us-24/briefings/schedule/#nope-sill-not-secure-stealing-private-keys-from-s-plcs-40677