Electricity is of paramount importance in our everyday lives. Our dependence on it is particularly evident during even brief power outages. You can think of power systems as the backbone of critical infrastructures. To date, cyber-attacks against power systems are considered to be extremely sophisticated and only within the reach of nation-states. However, through this presentation we will challenge this perception, and provide a structured methodology towards attacking a power system on a limited budget.
When gathering information during the design phase of an attack, it is electrifying what you can find on the internet if you know what to look for. We will demonstrate information obtained from the web that can be leveraged to model and analyze a target power system, and how we can use this information to model power systems throughout the globe.
However, this talk is not just about theory. We will demonstrate a critical vulnerability we discovered in General Electric Multilin products widely deployed in power systems. Essentially, we completely broke the home-brew encryption algorithm used by these protection and management devices to authenticate users and allow privileged operations. Knowledge of the passcode enables an attacker to completely pwn the device and disconnect sectors of the power grid at will, locking operators out to prolong the attack. We will also show a technique for remotely fingerprinting affected devices over the network.
The talk includes a live demo showcasing exploitation of the vulnerability on a feeder management relay and how it can have a significant impact on a nation. We will discuss mitigation strategies, including the specific firmware update that addresses this vulnerability, and provide our thoughts on what the next steps in securing the power infrastructure should be. Tune in for more.