LED Alert: Supply Chain Threats for Stealthy Data Exfiltration in Industrial Control Systems

Dimitrios Tychalas, Anastasis Keliris, Michail Maniatakos

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Industrial Internet-of-Things has been touted as the next revolution in the industrial domain, offering interconnectivity, independence, real-time operation, and self-optimization. Integration of smart systems, however, bridges the gap between information and operation technology, creating new avenues for attacks from the cyber domain. The dismantling of this air-gap, in conjunction with the devices' long lifespan -in the range of 2030 years-, motivates us to bring the attention of the community to emerging advanced persistent threats. We demonstrate a threat that bridges the air-gap by leaking data from memory to analog peripherals through Direct Memory Access (DMA), delivered as a firmware modification through the supply chain. The attack automatically adapts to a target device by leveraging the Device Tree and resides solely in the peripherals, completely transparent to the main CPU, by judiciously short-circuiting specific components. We implement this attack on a commercial Programmable Logic Controller, leaking information over the available LEDs. We evaluate the presented attack vector in terms of stealthiness, and demonstrate no observable overhead on both CPU performance and DMA transfer speed. Since traditional anomaly detection techniques would fail to detect this firmware trojan, this work highlights the need for industrial control system-appropriate techniques that can be applied promptly to installed devices.

Original languageEnglish (US)
Title of host publication2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design, IOLTS 2019
EditorsDimitris Gizopoulos, Dan Alexandrescu, Panagiota Papavramidou, Michail Maniatakos
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages194-199
Number of pages6
ISBN (Electronic)9781728124902
DOIs
StatePublished - Jul 2019
Event25th IEEE International Symposium on On-Line Testing and Robust System Design, IOLTS 2019 - Rhodes, Greece
Duration: Jul 1 2019Jul 3 2019

Publication series

Name2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design, IOLTS 2019

Conference

Conference25th IEEE International Symposium on On-Line Testing and Robust System Design, IOLTS 2019
CountryGreece
CityRhodes
Period7/1/197/3/19

Keywords

  • Embedded systems security
  • device tree
  • direct memory access
  • supply chain attack

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'LED Alert: Supply Chain Threats for Stealthy Data Exfiltration in Industrial Control Systems'. Together they form a unique fingerprint.

Cite this