Explore the vulnerabilities in radio-frequency (RF) remote controllers used in industrial applications through this conference talk from the Hack In The Box Security Conference. Delve into the security assessment that uncovered critical weaknesses in safety-critical IIoT applications, including manufacturing, construction, and transportation equipment. Learn about the lack of important security features and the use of obscure proprietary protocols instead of standards. Discover various attack vectors such as replay, command injection, e-stop abuse, malicious repairing, and reprogramming. Follow the speakers' journey through a 6-month responsible disclosure process, resulting in the release of 10 security advisories. Witness demonstrations that illustrate the problems in detail and gain valuable recommendations for vendors, users, and system integrators involved in the life-cycle of these devices.
Overview
Syllabus
#HITB2019AMS D2T1 - Attacking Industrial Remote Controllers - Marco Balduzzi and Federico Maggi
Taught by
Hack In The Box Security Conference