Hacking industrial systems: closed protocols, memory attacks, and how to kill a PLC by asking a question.
Security researchers Wooyeon Jo and Irfan Ahmed presented their research on memory attacks against Industrial Control Systems (ICS) and Programmable Logic Controllers (PLCs) from Schneider Electric and Allen-Bradley.
Very interesting research on the stability of the devices that maintain our critical infrastructure.
The results:
- Schneider M221: Successful UMAS attack. A very sensitive device.
- Schneider M241: Successful UMAS attack. A more resistant version.
- Allen-Bradley AB1756: Resistant to UMAS-style attacks because it uses the proprietary PCCC protocol. Still vulnerable via hardware-level access (JTAG).
It's interesting that simply reading from PLC memory was enough to crash some PLCs. You could literally halt an industrial controller just by asking it a question about itself.
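Since a plain memory read can halt these controllers, the defensive takeaway is to watch who is speaking UMAS to the PLCs at all. The following is an added example, not code from the post or the paper: it parses Modbus/TCP frames, flags UMAS traffic (UMAS rides on Modbus function code 90, a known property of the protocol that the post itself does not mention) from any host outside an assumed engineering-workstation allowlist, and also flags malformed frames. The allowlist, the PLC addresses, the sample frames and the UMAS PDU layout (session byte, then UMAS function code) are assumptions made for this example.

```python
import struct
from dataclasses import dataclass
from typing import Optional

UMAS_FUNCTION_CODE = 0x5A  # Modbus function code 90 carries Schneider's UMAS protocol

# Assumed allowlist: hosts permitted to speak UMAS to the PLCs (engineering workstations)
ENGINEERING_HOSTS = {"10.0.0.5"}


@dataclass
class Alert:
    src: str
    dst: str
    function_code: int
    umas_subfunction: Optional[int]
    reason: str


def parse_modbus_tcp(payload: bytes):
    """Split a Modbus/TCP frame into (unit_id, function_code, data).
    MBAP header: transaction id (2), protocol id (2, must be 0),
    length (2, bytes after the length field), unit id (1); then the PDU.
    Returns None when the frame is truncated or the length field is wrong."""
    if len(payload) < 8:
        return None
    _tid, proto, length, unit_id = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit_id, payload[7], payload[8:]


def inspect(src: str, dst: str, payload: bytes) -> Optional[Alert]:
    """Flag UMAS requests to a PLC from hosts outside the allowlist."""
    parsed = parse_modbus_tcp(payload)
    if parsed is None:
        return Alert(src, dst, -1, None, "malformed Modbus/TCP frame")
    _unit_id, fc, data = parsed
    if fc != UMAS_FUNCTION_CODE:
        return None  # plain Modbus; not in scope here
    sub = data[1] if len(data) >= 2 else None  # assumed layout: session byte, then UMAS function code
    if src not in ENGINEERING_HOSTS:
        return Alert(src, dst, fc, sub, "UMAS request from non-engineering host")
    return None


def scan(frames):
    """Run inspect() over (src, dst, payload) tuples; return the alerts raised."""
    return [a for a in (inspect(*f) for f in frames) if a is not None]


# Constructed sample traffic (not a real capture); the PLC is assumed to be 10.0.0.20
SAMPLE_FRAMES = [
    ("10.0.0.5", "10.0.0.20", bytes.fromhex("000100000006010300000001")),  # Modbus read, allowed host
    ("10.0.0.5", "10.0.0.20", bytes.fromhex("000200000004015a0001")),      # UMAS from engineering host
    ("10.0.0.99", "10.0.0.20", bytes.fromhex("000300000004015a0001")),     # UMAS from unknown host
    ("10.0.0.99", "10.0.0.20", bytes.fromhex("0004")),                      # truncated frame
]
```

Running `scan(SAMPLE_FRAMES)` yields two alerts: the UMAS request from 10.0.0.99 and the truncated frame; the permitted workstation's traffic is left alone.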
Enjoy the paper and presentation, share them with your colleagues and friends, and maybe one day we will have resilient equipment in industrial networks.
More details:
Oops, It Halted Again: Exploiting PLC Memory for Fun and Profit in Industrial Control Systems:
Slides [PDF]: https://www.usenix.org/sites/default/files/conference/protected-files/woot25_slides_jo.pdf
Paper [PDF]: https://www.usenix.org/system/files/woot25-jo.pdf