My PLC makes an excellent web server

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Supervisory Control And Data Acquisition, SCADA, is the term used for a variety of hardware and software combinations that control things. Not things like personal computers, but things like factories. Often these things are critical infrastructures, such as the power grid, transportation systems, or other wide ranging distributed control environments. Programmable Logic Controllers (PLCs) are at the heart of modern SCADA systems. PLCs read data inputs, act upon these data inputs, and set or reset outputs; they control everything from printing or packaging equipment on a factory floor to hydroelectric generators, train signalling systems, and airport parking structures. Over time, the functionality included in PLCs has increased dramatically; what used to be a simple-minded device is now an advanced computing machine with several different communications interfaces. At the same time, many (most?) PLCs now can be connected via standard Internet communications arrangements, using standard Internet protocols. To prove the point we have turned one of our lab PLCs into a general purpose - although size restricted - web server. What security issues are raised by this capability? Suddenly the information you are seeing presented by the PLC may not be correct, since the web pages might contain anything at all. Simply by replacing the factory-installed web content in the PLC we can spoof the pages in order to display whatever input or output status is desired, regardless of the actual status of the device. Can you trust what you are seeing from your control system? "No" is a bad answer! This paper provides details on a specific file system for a commercial PLC, and describes how we managed to spoof the download software to allow arbitrary files to be written into it. 
We wish to emphasize that our paper is presented as a do-it-yourself approach, as opposed to the usual research paper, in order to demonstrate the potential issues that arise when the firmware in PLCs can be modified.

Original language: English (US)
Title of host publication: 9th International Conference on Cyber Warfare and Security 2014, ICCWS 2014
Publisher: Academic Conferences Limited
Pages: 149-157
Number of pages: 9
ISBN (Print): 9781632660626
State: Published - 2014
Event: 9th International Conference on Cyber Warfare and Security 2014, ICCWS 2014 - West Lafayette, United States
Duration: Mar 24 2014 to Mar 25 2014

Other

Other: 9th International Conference on Cyber Warfare and Security 2014, ICCWS 2014
Country: United States
City: West Lafayette
Period: 3/24/14 to 3/25/14

Fingerprint

Programmable logic controllers
Servers
Industrial plants
Hydroelectric generators
Critical infrastructures
SCADA systems
Firmware
Internet protocols
Communication
Parking
Airports
Personal computers
Printing
Websites
Data acquisition
Packaging
Internet
Hardware
Control systems

Keywords

  • Critical infrastructure
  • Programmable logic controllers
  • Scada

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Safety, Risk, Reliability and Quality

Cite this

Mahoney, W. (2014). My PLC makes an excellent web server. In 9th International Conference on Cyber Warfare and Security 2014, ICCWS 2014 (pp. 149-157). Academic Conferences Limited.
