SecurityWeek
Black Hat Researchers Remotely Hack Into SCADA Systems on Oil Rigs

SCADA systems used on oil rigs and other areas of the oil industry are using outdated networking protocols that can easily be compromised, SCADA experts told attendees at the Black Hat security conference.

Attackers can cause an oil tank to nearly overflow by sending spoofed commands to the programmable logic controller, Brian Meixell and Eric Forner, researchers from Cimation, told attendees on Thursday. In a live demonstration, Meixell and Forner sent commands to a simulated model of an oil well and a pump to switch to “high” and spill the oil. The team also sent fake data using several Python scripts, making the system think the pump was empty when it was actually close to overflowing.

“So you can have the operator seeing something entirely different than what’s happening in the process, causing the pipe to burst and the tank to overflow,” Forner told attendees. “The operator would see the tank levels decreasing, when in fact they were increasing.”

The duo also hacked the remote terminal unit’s HMI and caused a game of Solitaire to appear on the screen at the conclusion of the talk.

Unlike previously disclosed issues in SCADA systems, Forner and Meixell didn’t exploit any specific security flaws or vulnerabilities in the systems for their attack. The hack relies entirely on the fact that there is no security built into the Modbus/TCP networking protocol, the TCP encapsulation of the serial Modbus protocol. Dating back to the 1970s, Modbus operates on port 502 and has “no authentication or security at all designed into it,” Forner said.

The SCADA system sends packets over the network without any kind of authentication, so the researchers could use scripts to send remote commands to the PLC devices. They were able to disable the logic designed to detect the status of the pump and make it work opposite to what it was supposed to do.
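Because Modbus/TCP carries no authentication, a PLC cannot tell a spoofed write from an operator's, so the practical control is on the wire: decode the MBAP header and function code of each request on port 502 and alert on write function codes from hosts that are not the known HMI. The following is an added example for this article, not code from the researchers or Cimation; the IP addresses and frames are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Modbus function codes that change PLC state; 1-4 are reads.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

@dataclass
class ModbusRequest:
    src: str            # source IP of the TCP connection
    transaction_id: int
    unit_id: int
    function: int
    address: int        # first coil/register addressed (-1 if absent)

def parse_mbap(src: str, frame: bytes) -> ModbusRequest:
    """Decode the 7-byte MBAP header plus PDU of one Modbus/TCP request."""
    if len(frame) < 8:
        raise ValueError("frame too short")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:                      # Modbus/TCP always uses protocol id 0
        raise ValueError("protocol id is not 0")
    if length != len(frame) - 6:        # length field covers unit id + PDU
        raise ValueError("length field does not match frame size")
    func = frame[7]
    addr = struct.unpack(">H", frame[8:10])[0] if len(frame) >= 10 else -1
    return ModbusRequest(src, tid, unit, func, addr)

def audit(frames, allowed_writers):
    """Return alert strings for malformed frames and writes from unexpected hosts."""
    alerts = []
    for src, raw in frames:
        try:
            req = parse_mbap(src, raw)
        except ValueError as exc:
            alerts.append(f"{src}: malformed frame ({exc})")
            continue
        if req.function in WRITE_FUNCTIONS and src not in allowed_writers:
            alerts.append(f"{src}: unauthorized {WRITE_FUNCTIONS[req.function]} "
                          f"(FC {req.function}) unit {req.unit_id} addr {req.address}")
    return alerts

# Constructed sample traffic (hypothetical hosts): the HMI at 10.0.0.10 is the
# only host expected to write; 10.0.0.99 plays the role of a rogue scripting host.
ALLOWED_WRITERS = {"10.0.0.10"}
SAMPLE_FRAMES = [
    ("10.0.0.10", bytes.fromhex("00010000000601030000000a")),        # FC3 read, fine
    ("10.0.0.10", bytes.fromhex("000200000006010600100001")),        # FC6 write from HMI, fine
    ("10.0.0.99", bytes.fromhex("00030000000601050001ff00")),        # FC5 coil write, alert
    ("10.0.0.99", bytes.fromhex("000400000009011000000001027fff")),  # FC16 register write, alert
    ("10.0.0.99", bytes.fromhex("0005000000200103")),                # bad length field, alert
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FRAMES, ALLOWED_WRITERS):
        print(line)
```

Feeding the same logic with frames pulled from a port-502 capture gives a simple detector for the spoofed-command scenario described above; it does not stop the write, which only network segmentation or a protocol-aware firewall can do.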

Forner and Meixell are familiar with the issues in these systems, as they support and install SCADA systems in oil rigs. “We only had a 24-volt pump in the demo, but this could cause a complete environmental catastrophe” if used against a real oil-drilling operation, Forner said.
