Security Experts:

Connect with us

Hi, what are you looking for?



ADC Attacks Can Cause Damage in Industrial Environments

ADC Attack Shows Why Inputs Should Be Validated in ICS

Gabriel Gonzalez, IOActive, at Black Hat Europe

ADC Attack Shows Why Inputs Should Be Validated in ICS

Gabriel Gonzalez, IOActive, at Black Hat Europe

LONDON – BLACK HAT EUROPE – Malicious actors could cause physical damage by exploiting flaws in how analog-to-digital converters (ADCs) are used in industrial environments, researchers warned.

ADCs are electronic devices that convert analog signals, such as voltage or amperage, into digital signals. In industrial environments, ADCs can be used to produce a digital number from an analog signal coming from temperature, pressure or other types of sensors. For instance, ADCs can be part of a safety system that monitors the signal from a programmable logic controller (PLC) to a motor or a turbine. The safety system can trigger a shutdown and prevent any damage if the value of the signal is not within normal parameters.

IOActive researchers Alexander Bolshev and Gabriel Gonzalez analyzed ADCs in the context of industrial control systems (ICS) and found that they can be tricked into measuring normal values even if there is an immediate risk to a physical process.

According to the experts, an attacker who has access to a PLC — a task that can be achieved using the various vulnerabilities disclosed over the past years — could generate a signal with a frequency that is interpreted as being valid by the ADC, when in reality it can cause serious damage to the physical process.

In an experiment they conducted, Bolshev and Gonzalez showed how an attacker can send a signal to a motor and make it look normal to the safety system, but actually cause vibration that can damage the motor.

ADCs typically have an anti-aliasing filter that restricts the bandwidth of a signal, but these filters don’t prevent the attack method devised by the IOActive researchers.

The researchers tested the attack on several Sigma Delta ADCs, which are the most popular for industrial applications. They determined that ADCs such as AD7705 and AD7706 are easy to attack. The method also works against MCP3425 and ADS1015 devices, but the difficulty of conducting the attack has been described by the experts as “easy-medium,” respectively “medium-hard.” In the case of MAX11205 converters, Bolshev and Gonzalez concluded that the attacks are likely “impossible.”

The experts pointed out that the attack needs to be customized for each targeted ADC, and while it took them several weeks to figure out the right frequencies, Gonzalez told SecurityWeek in an interview that it’s likely much easier for a sophisticated threat actor.

In addition to attacks that rely on frequency modifications, the experts looked into methods that rely on changes in amplitude. However, they said frequency attacks are more efficient.

Gonzalez highlighted that, similar to securing web applications, user input should always be validated in the case of ICS as well. The expert believes these attacks can be prevented if proper anti-aliasing filters are used.

Related: PLCs Vulnerable to Stealthy Pin Control Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Vulnerabilities in GE’s Proficy Historian product could be exploited for espionage and to cause damage and disruption in industrial environments.


A hacktivist group has made bold claims regarding an attack on an ICS device, but industry professionals have questioned their claims.


Vulnerabilities in industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to OT networks.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


UK-based manufacturing company Morgan Advanced Materials revealed on Tuesday that it’s investigating a cybersecurity incident.The company has launched an investigation after detecting unauthorized activity...


Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities.