Overview
Syllabus
black hat USA 2017
Once upon a time... Understanding security and privacy for future smart cities Training and research environment
Model is there... How do you connect devices?
Accessing Setpoints From Front Panel Use buttons Over Modbus
Breaking the encryption algorithm Passcode/encrypted passcode pairs Manual cryptanalysis Chosen Plaintext Attack (CPA)
What can be done with this? Encrypted passcode is a setpoint Can change the passcode locking legitimate operators out
Responsible disclosure process We first reported this to the GE Product Security Incident Response Team in 2016 The firmware update for the affected device came out later in 2016
Mitigation GE's firmware update removes the ability to retrieve the encrypted passcode from the screen or Modbus
Taught by
Black Hat