There are two weeks left to submit your session proposal for the S4x17 Main Stage or Stage 2: Technical Deep Dives. Take a look at the Call For Presentations and submit this month.
This S4xVideo is a great example of what we try to do on Stage 2. Jalal Bouhdada and Erwin Paternotte are two researchers most of the ICS security community had not heard of. They came in and gave an important, highly technical presentation with new information for people who are experts in this field.
The researchers dig into the protocol and implementation of WirelessHART to identify security strengths and weaknesses as well as areas that deserve future research.
The main findings are:
1) The most important crypto key, the Join Key, is often left at the vendor default. That default is often printed in the documentation, and even when it is not, it can be found with a reasonable Internet search. Many if not most deployments are not changing the default Join Key.
Asset owners are getting a false sense of security and not properly managing risk. They hear that WirelessHART is secure, but the deployment team, and often the sales team, neglects to mention that some level of key management is required to achieve this security.
2) The firmware could be extracted via JTAG on all five vendor systems the researchers looked at. They were able to identify where the Join Key was stored in the firmware. Although it was encrypted or encoded (which of the two was unknown at the time), they could copy that stored value into their own WirelessHART device and join the network.
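As an added illustration of the two findings above (this is not code from the talk, from the researchers, or from any vendor), the Python below does two things: it audits a configured Join Key against a placeholder list of vendor defaults plus a few structural weak-key checks, and it scans a memory dump pulled over JTAG for a candidate key stored verbatim, or for high-entropy 16-byte windows worth inspecting when the key is stored encoded. The default key values, the sample key and the sample dump are all constructed for the example; the entropy-window scan is a generic heuristic, not the method the researchers used, which the post does not describe.

```python
"""Added example (not code from the S4x17 talk or from any vendor): two quick
checks that follow from the Join Key findings.

  audit_join_key      flags a configured WirelessHART Join Key (128-bit AES,
                      written as 32 hex chars) that is a known default or is
                      structurally weak.
  locate_key_in_dump  given a memory/firmware dump pulled over JTAG, reports
                      where a candidate key sits verbatim, and which 16-byte
                      windows have high byte entropy and so deserve a look
                      when the key is stored encoded rather than in the clear.

DEFAULT_JOIN_KEYS and the sample dump are constructed placeholders, not real
vendor defaults or real firmware.
"""
import math
from collections import Counter

KEY_LEN = 16  # Join Key is AES-128

# Constructed placeholder "vendor defaults" (hypothetical values, not real ones).
DEFAULT_JOIN_KEYS = {
    "00000000000000000000000000000000",
    "56454e444f525f4a4f494e5f4b455931",  # ASCII "VENDOR_JOIN_KEY1", made up
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; a 16-byte window tops out at 4.0 (all distinct)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def audit_join_key(key_hex: str, defaults=DEFAULT_JOIN_KEYS) -> list:
    """Return a list of findings for a hex Join Key; empty means nothing flagged."""
    key_hex = key_hex.strip().lower()
    try:
        key = bytes.fromhex(key_hex)
    except ValueError:
        return ["not valid hex"]
    if len(key) != KEY_LEN:
        return [f"wrong length: {len(key)} bytes, expected {KEY_LEN}"]
    findings = []
    if key_hex in {d.lower() for d in defaults}:
        findings.append("matches a known vendor default")
    if len(set(key)) == 1:
        findings.append("all bytes identical")
    if key == bytes(range(KEY_LEN)) or key == bytes(range(KEY_LEN - 1, -1, -1)):
        findings.append("sequential byte pattern")
    if all(0x20 <= b < 0x7f for b in key):
        findings.append("printable ASCII: looks like a passphrase, not a random key")
    if len(set(key)) < 6:
        findings.append("fewer than 6 distinct byte values")
    return findings


def locate_key_in_dump(dump: bytes, key: bytes, stride: int = 4,
                       entropy_floor: float = 3.8):
    """Return (verbatim_offsets, high_entropy_offsets).

    verbatim_offsets: every offset where `key` occurs byte-for-byte.
    high_entropy_offsets: start of each 16-byte window (stepping by `stride`)
    whose entropy is >= entropy_floor, i.e. at least 15 of 16 bytes distinct.
    Erased flash, strings and code rarely score that high, so this is a short
    list of places to inspect when the stored key is encoded rather than plain.
    """
    verbatim, start = [], 0
    while (i := dump.find(key, start)) >= 0:
        verbatim.append(i)
        start = i + 1
    high_entropy = [off for off in range(0, len(dump) - KEY_LEN + 1, stride)
                    if shannon_entropy(dump[off:off + KEY_LEN]) >= entropy_floor]
    return verbatim, high_entropy


# Constructed sample data for a stand-alone run (not a real key or firmware).
SAMPLE_KEY = bytes.fromhex("a3f1c9025e7b8d4e6c1f9a3b5d7e2c41")
SAMPLE_DUMP = (b"\xff" * 32            # erased flash padding
               + b"WirelessHART dev"   # a 16-byte string
               + b"\xff" * 16
               + SAMPLE_KEY            # key stored at offset 64
               + b"\xff" * 32)

if __name__ == "__main__":
    for k in ("56454e444f525f4a4f494e5f4b455931", SAMPLE_KEY.hex()):
        print(k, audit_join_key(k) or "OK")
    print(locate_key_in_dump(SAMPLE_DUMP, SAMPLE_KEY))
```

The key audit is the cheap check an asset owner can run against whatever the gateway or handheld reports as the configured Join Key; anything flagged means the key-management step the sales and deployment teams skipped still needs doing. The dump scan is only a starting point: an encoded key will not match verbatim, and the high-entropy windows are candidates to diff across two devices from the same vendor, not a proof of where the key lives.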
Really great work by these researchers; we hope to see more from them in the future.