Hes2011 Ikolter Let Me Stuxnet You 110415064447 Phpapp02
All rights reserved to Security Art Ltd. 2002 - 2010 www.security-art.com
Itzik Kotler | April 2011
Let Me Stuxnet You
Itzik Kotler
CTO, Security Art
-
Goodbye World!
Stuxnet and Cyber Warfare are exploiting the (it's complicated) relationship between Software and Hardware to cause damage and sabotage!
Today it's a country that seeks to destroy another nation, and tomorrow it's a commercial company that seeks to make a rival company go out of business. An act of Industrial Cyber Warfare.
-
Can Software Damage Hardware? Yes!
Software controls hardware, and it can make it perform a damaging operation
Software can damage other software that runs or operates hardware
Software controls hardware, and it can make it perform an operation that will be damaging to other hardware
-
Industrial Cyber Warfare Attack?
Cyber Warfare is not limited to, or designed exclusively for, nations or critical infrastructures
A successfully delivered Industrial Cyber Warfare attack causes financial loss, operation loss, or both to the attacked company!
Industrial Cyber Warfare is Logic Bombs, Permanent Denial-of-Service, APT and more
-
Meet Permanent Denial-of-Service
Permanent Denial-of-Service is an attack that damages hardware so badly that it requires replacement or reinstallation of hardware.
The damage potential is on a grand scale, almost anything and everything is controlled by software that can be modified or attacked
-
Industrial Cyber Warfare: Why & Who?
Industrial Espionage
Rival Companies
Foreign Countries
Terrorism
Political/Social Agenda
Revenge
Blackmailing
Greed, Power and etc.
-
Permanent Denial-of-Service 101
Phlashing:
  Overwriting the firmware of the component and making it useless (i.e. bricked)
Overclocking:
  Increasing the working frequency of the component so that it becomes unstable and overheats
-
Permanent Denial-of-Service (Cont.)
Overvolting:
  Increasing the input voltage of the component to zap it or cause it to overheat
Overusing:
  Repetitively using a mechanical feature of the component to make it wear out quicker
-
Permanent Denial-of-Service (Cont.)
Power Cycling:
  Repetitively turning the power supply to the component on and off to make it wear out quicker (due to temperature flection and spikes)
-
Local Attacks
Does anyone smell smoke?
-
Computer Fans
Not a target, per se.
Disabling or slowing down the fan RPM speed can result in increased temperature
Lengthy exposure to high temperature (due to lack of cooling) can lead to Electromigration that in turn will cause a Permanent Denial-of-Service
-
CPU
Overheating due to Stressing
Overheating due to Overclocking
Overheating due to Overvolting
Overheating due to (always on) P0 @ APM/ACPI
Bricking due to Phlashing (via Microcode Flashing)
-
CPU: Infinite Loop
x86 Assembly Code:
jmp
Description:
Infinite loop that jumps to itself
-
CPU: Microcode Flashing
Not your typical firmware update
Microcode goes into the processor, providing a slightly higher level or more complex commands based on the processor's basic ("hard-wired") commands
Microprogramming can be used to abuse or to damage the microprogram within the processor
-
RAM
Overheating due to Overclocking
Overheating due to Overvolting
Burnout due to Overvolting
-
GPU (Graphics Processing Unit)
Overheating due to Overclocking
Overheating due to Overvolting
Bricking due to Phlashing
  Utilities (e.g. nvflash, NiBiTor, etc.)
-
Hard disk drive
Traditional (i.e. Mechanical)
  Overheating due to Excessive Write & Read
  Wearing out due to Excessive Head Parking
  Bricking due to Phlashing
Solid-state drive
  Wearing out due to Excessive Write
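Excessive head parking and power cycling, named on this slide and on the Power Cycling slide, show up in a drive's SMART counters. The following added example (not part of the original slides) compares two `smartctl -A` attribute tables and flags counters that grow too fast; the sample tables are constructed and the per-hour limits are assumptions to tune per drive model.

```python
# Added example: flag abnormal growth in SMART wear counters between two
# `smartctl -A` snapshots of the same drive.

# Standard SMART attribute IDs for spin-up/down, power cycles and head parking.
WATCHED = {4: "Start_Stop_Count", 12: "Power_Cycle_Count", 193: "Load_Cycle_Count"}

# Maximum tolerated events per hour (assumed values, not vendor figures).
LIMITS = {4: 6, 12: 2, 193: 60}


def parse_raw_counters(smartctl_text):
    """Map SMART attribute ID -> raw value for the watched attributes."""
    counters = {}
    for line in smartctl_text.splitlines():
        fields = line.split()
        # Attribute rows start with a numeric ID; RAW_VALUE is the 10th column.
        if len(fields) >= 10 and fields[0].isdigit() and int(fields[0]) in WATCHED:
            counters[int(fields[0])] = int(fields[9])
    return counters


def wear_alerts(before, after, hours, limits=LIMITS):
    """Return {attribute name: events per hour} for counters above their limit."""
    old, new = parse_raw_counters(before), parse_raw_counters(after)
    alerts = {}
    for attr_id, name in WATCHED.items():
        if attr_id in old and attr_id in new:
            rate = (new[attr_id] - old[attr_id]) / hours
            if rate > limits[attr_id]:
                alerts[name] = rate
    return alerts


# Constructed sample tables, taken two hours apart.
HEADER = "ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE\n"
SNAP_T0 = HEADER + (
    "  4 Start_Stop_Count  0x0032 100 100 020 Old_age Always - 1523\n"
    " 12 Power_Cycle_Count 0x0032 100 100 020 Old_age Always - 812\n"
    "193 Load_Cycle_Count  0x0032 087 087 000 Old_age Always - 134210\n")
SNAP_T1 = HEADER + (
    "  4 Start_Stop_Count  0x0032 100 100 020 Old_age Always - 1524\n"
    " 12 Power_Cycle_Count 0x0032 100 100 020 Old_age Always - 812\n"
    "193 Load_Cycle_Count  0x0032 087 087 000 Old_age Always - 135410\n")

if __name__ == "__main__":
    print(wear_alerts(SNAP_T0, SNAP_T1, hours=2))
```

Here only the head load/unload counter trips its limit: 1,200 parks in two hours is 600 per hour against an assumed ceiling of 60.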
-
Hard Drive: Pseudo Format Attack
Command:
while true; do
Description:
Infinite loop of read and write requests to disk
-
Hard Drive: Spindown Attack
Commands:
hdparm
Description:
Sets disk
-
BIOS: Bricking/Firmware Flashing
Bricking due to Phlashing
-
Rogue BIOS Firmware as Platform
Allows automation of:
  Overclocking of CPU, RAM and etc.
  Overvolting of CPU, RAM and etc.
  Power Cycling (of the whole System)
Can include a Self-destruct function
-
CD-ROM/DVD-ROM
Wearing out due to Overusing the drive tray
Bricking due to Phlashing
-
CD-ROM: Mechanical Part Attack
Code:
while true; do eject; eject -t; done
Description:
Infinite loop that opens and closes the CD-ROM tray
-
Memory Wear
Flash memory has a finite number of program-erase cycles (aka. P/E cycles).
Most commercially available Flash products are guaranteed to withstand around 100,000 P/E cycles, before the wear begins to deteriorate the integrity of the storage
Popular products that are based on, or using Flash memory: USB DiskOnKeys, Solid-state Drives, Thin Clients and Routers and more.
-
Flash: Memory Wear Attack
Code:
dd
Description:
Infinite loop that excessively writes pseudo-random data to a flash memory
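Seen from the monitoring side, the 100,000 P/E cycle figure from the Memory Wear slide becomes a write budget that a sustained write rate draws down. The following added example (not part of the original slides) estimates the remaining lifetime from two `/proc/diskstats` snapshots and raises an alert; the snapshots are constructed, and the ideal wear leveling model and the three-year alert threshold are assumptions.

```python
# Added example: turn two /proc/diskstats snapshots into a
# "days until rated P/E cycles are consumed" estimate and an alert.

SECTOR_BYTES = 512  # /proc/diskstats always counts 512-byte sectors


def sectors_written(diskstats_text, device):
    """Return the cumulative 'sectors written' counter for one device."""
    for line in diskstats_text.splitlines():
        fields = line.split()
        # Layout: major minor name, then counters; sectors written is field 10.
        if len(fields) >= 10 and fields[2] == device:
            return int(fields[9])
    raise KeyError(f"device {device!r} not found")


def days_to_wearout(bytes_per_sec, capacity_bytes, pe_cycles=100_000):
    """Days until capacity * pe_cycles bytes are written (ideal wear leveling)."""
    if bytes_per_sec <= 0:
        return float("inf")
    return capacity_bytes * pe_cycles / bytes_per_sec / 86_400


def assess(before, after, interval_s, device, capacity_bytes, min_days=3 * 365):
    """Compare two snapshots taken interval_s apart; alert on fast wear."""
    delta = sectors_written(after, device) - sectors_written(before, device)
    rate = delta * SECTOR_BYTES / interval_s
    days = days_to_wearout(rate, capacity_bytes)
    return {"bytes_per_sec": rate, "days_to_wearout": days, "alert": days < min_days}


# Constructed snapshots of an 8 GB USB stick (sdb), taken 60 seconds apart.
SNAP_T0 = "   8      16 sdb 1200 30 96000 900 5000 40 1000000 70000 0 8000 70900\n"
SNAP_T1 = "   8      16 sdb 1200 30 96000 900 9800 40 3400000 95000 0 9500 95900\n"

if __name__ == "__main__":
    print(assess(SNAP_T0, SNAP_T1, 60, "sdb", 8 * 10**9))
```

The estimate is an upper bound: a device without wear leveling fails much sooner when the writes keep landing on the same blocks.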
-
NIC (Network Interface Card)
Bricking due to Phlashing
-
NIC: TCP Offload Engine
TCP Offload Engine or TOE is a technology used in network interface cards (NIC) to offload processing of the entire TCP/IP stack to the network controller.
TOE is primarily used with high-speed network interfaces, such as gigabit Ethernet and 10 Gigabit Ethernet
TOE is implemented in hardware so patches must be applied to the TOE firmware
-
CRT Monitor:
There are problems at scan rates which exceed the monitor's specifications (low or high). Some monitors can blow if given a too low scan rate or an absent or corrupted signal input.
-
XFree86 Screen Configuration:
HorizSync 28.0 - 78.0 # Warning: This may fry very old Monitors
HorizSync 28.0 - 96.0 # Warning: This may fry old Monitors
(taken from a real life, XFree86 Config file)
-
Legacy: Motorola 6800 & 6809
Motorola 6800 was an 8-bit microprocessor and was part of the M6800 Microcomputer System
The Motorola 6800 and 6809 can damage the computer's bus lines by the instruction 'HCF' (Halt, then Catch Fire).
HCF successively toggles each of the bus lines, but it does it so fast that it can damage them. It was intended for manufacturer testing.
-
Summary
Computer Fans
CPU
GPU
RAM
Hard Drives
BIOS
CD-ROM/DVD-ROM
External Storage (e.g. DiskOnKey)
Network Cards
CRT Monitor (Legacy)
Floppy Disk (Legacy)
Non-x86 Chip
-
Remote Attacks
The long arm of the Permanent Denial-of-Service
-
Firmware Updates via Web
Network-attached Storage (NAS) Appliances
Network Appliances (e.g. Wi-Fi Access Points)
DSL/ADSL Cable Modems
Computer Peripherals (e.g. KVM)
Voice Over IP (VoIP) Phones
And more
-
Open Questions
How does this affect Cloud and Virtualized Systems?
-
Countermeasures?
Hardware:
  Over-clocking Protection
  Over-voltage Protection
  Over-temperature Protection
Software:
  Digitally signed Firmware Binaries & Updates
-
Thanks!
Questions are guaranteed in life; Answers
aren't.
mailto: [email protected]