ICSCorsair: How I will PWN your ERP through 4-20 mA current loop
Currently, ICSCorsair provides tools and abilities for attacking the HART and Modbus industrial protocols. Because of the deep integration of modern ICS infrastructures, you can reach the upper levels of a network and even attack the corporate network servers using nothing more than a connection to the current loop or the RS-485 line.
Modern multilayer ICS infrastructures are vast, ranging from analogue signals on the lowest layers up to Enterprise Resource Planning (ERP) systems at the top of the network. HART is a digital industrial automation protocol that works over a 4-20 mA current loop. The current loop provides reliable and fault-tolerant communication. Unfortunately, the merits of HART are the source of its security problems, and combined with the popular "deep trust" between components inside an ICS architecture, this leads to the possibility of multilayer attacks. If an intruder gets physical access to a section of current loop wire on which a HART transmitter is operating, he can possibly gain control of the whole ERP system. This talk shows the general principles of this sort of attack, the hardware and software tools needed, and the ways to protect your industry against them.