
Good Night, and Good Luck: a Control Logic Injection Attack on OpenPLC

EasyChair Preprint no. 10017

8 pages. Date: May 9, 2023

Abstract

Real hardware PLCs are quite pricey, and are sometimes unaffordable for scientists and engineers who want to build small testbeds and conduct experiments or academic research. The OpenPLC project offers a reasonable alternative: it provides flexibility in programming, can simulate physical processes, and can be used with low-cost devices, e.g., Raspberry Pi and Arduino Uno. Unfortunately, the OpenPLC project was designed without any security in mind, i.e., it lacks protection mechanisms such as encryption, authorization, anti-replay algorithms, etc. This allows attackers to fully access the OpenPLC and make unauthorized changes, e.g., starting/stopping the PLC, setting/updating passwords, removing/altering the user program, and others. In this paper we conduct intensive investigations and disclose some vulnerabilities existing in the OpenPLC project, showing that an attacker with no prior knowledge of either the user credentials or the physical process can access critical information and maliciously alter the user program the OpenPLC executes. All our experiments were conducted on the latest version of the OpenPLC, i.e., V3. Our experimental results proved that attackers can confuse the physical process controlled by the infected OpenPLC. Finally, we suggest security recommendations for the OpenPLC founder and engineers to close the disclosed vulnerabilities and have more secure OpenPLC-based environments.

Keyphrases: Control Logic Injection Attacks, cyber attacks, Cyber Security, OpenPLC

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
@Booklet{EasyChair:10017,
  author = {Wael Alsabbagh and Chaerin Kim and Peter Langendörfer},
  title = {Good Night, and Good Luck: a Control Logic Injection Attack on OpenPLC},
  howpublished = {EasyChair Preprint no. 10017},

  year = {EasyChair, 2023}}