Sushma Kalle (University of New Orleans), Nehal Ameen (University of New Orleans), Hyunguk Yoo (University of New Orleans), Irfan Ahmed (Virginia Commonwealth University)

This paper presents CLIK, a new remote attack on the control logic of a programmable logic controller (PLC) in industrial control systems. The control logic defines how a PLC controls a physical process such as a nuclear plant. A full control logic attack faces two critical challenges: 1) infecting the control logic in a PLC at a field site and, 2) hiding the infection from engineering software at a control center since the software can obtain the infected logic from the PLC and reveal it to a control engineer. The existing academic efforts only (partially) address the former. CLIK is a first practical control-logic attack that deals with both challenges successfully. It modifies the control logic running in a remote target PLC automatically to disrupt a physical process. CLIK also employs a new virtual PLC approach that hides the malicious modifications by engaging the engineering software with a captured network traffic of the original (uninfected) control logic. It is fully implemented on real hardware/software used in industrial settings and is made publicly available for academic research on control logic attacks1. CLIK consists of four phases and takes less than a minute to complete an attack cycle. As part of the implementation, we found a critical (zero-day) vulnerability in the password authentication mechanism of a target PLC, which allows the attacker to overwrite password hash in the PLC during the authentication process and gain access to the (protected) control logic. We have disclosed the vulnerability responsibly to the PLC vendor who has already patched the vulnerability2.

View More Papers

Towards Automatically Generating a Sound and Complete Dataset for...

Aravind Machiry (UC Santa Barbara), Nilo Redini (UC Santa Barbara), Eric Gustafson (UC Santa Barbara), Hojjat Aghakhani (UC Santa Barbara), Christopher Kruegel (UC Santa Barbara), Giovanni Vigna (UC Santa Barbara)

Read More

dewolf: Improving Decompilation by leveraging User Surveys

Steffen Enders, Eva-Maria C. Behner, Niklas Bergmann, Mariia Rybalka, Elmar Padilla (Fraunhofer FKIE, Germany), Er Xue Hui, Henry Low, Nicholas Sim (DSO National Laboratories, Singapore)

Read More

Beyond the Bytes: Understanding the Limitations of Intrinsic Binary...

Peter Lafosse (Owner and Co-Founder of Vector 35 Inc.)

Read More

Similarity Metric Method for Binary Basic Blocks of Cross-Instruction...

Xiaochuan Zhang (Artificial Intelligence Research Center, National Innovation Institute of Defense Technology), Wenjie Sun (State Key Laboratory of Mathematical Engineering and Advanced Computing), Jianmin Pang (State Key Laboratory of Mathematical Engineering and Advanced Computing), Fudong Liu (State Key Laboratory of Mathematical Engineering and Advanced Computing), Zhen Ma (State Key Laboratory of Mathematical Engineering and Advanced…

Read More