Grad Students Find Undocumented Functions in SCADA Protocol

Industrial Control Systems (ICS) have been an area of security concern for the past decade and was dramatically highlighted in the media with the whole Iran nuclear enrichment fiasco. When someone screws with your computer or smart-phone with a virus, it’s quite an inconvenience, but when someone starts taking out your power or shutting down your water treatment plant, that’s just down right rude (apocalyptic, end of the world rude).

Mehdi Sabraoui and follow researcher Kyle Stone recently found some undocumented functions in a popular SCADA (supervisory control and data acquisition) protocol developed by Sixnet. This vulnerability was documented, tools were developed, and the findings were reported to ICS-CERT.

SCADA systems interface between the network and the industrial equipment through a microprocessor-controlled device called a RTU (remote terminal unit). Because of the lack of authentication in the SCADA protocol, the researchers were able to completely control the Linux based RTU remotely.

If you’ve never heard much about SCADA, the following video gives a good primer and then describes how the attack was carried out. Be sure and skip to about the 02:45 mark.