'Look mom! No vulns!”: Attacking Smart Systems By Faking Signals, No 0-Days Required. - Michael Shalyt
(45 mins) Michael Shalyt, Head of Product and Red Team, Aperio. As the world becomes increasingly Smart, we rely more and more on remote sensor data to be our eyes and ears. From the cameras used by security guards at a bank to the turbine RPM sensor used by control room operators at a power plant. Both humans and algorithms make decisions based on this data, all day, everyday. But what if that information is wrong? What if an attacker manipulates the decision makers (be it man or machine) into doing the wrong thing? An intelligent adversary can wreak havoc on a Smart system by faking sensor information, thus creating an illusion of a false state. The lie can hide malicious activity by simulating a normal system state, or even worse: fooling the system into damaging itself. In this talk we’ll discuss several real life scenarios of damage done by state awareness failure, from statewide blackouts to traffic jams. We’ll talk about the unique fingerprint of every physical process and state - and see a demonstration distinguishing 2 identical motors. Then we’ll use this technique to detect synthetic and fake data by “reading between the lines” of the signal. Finally, we’ll show a live SCADA attack demonstration from our lab that hides the damage it’s causing from the control room operators and demonstrate how such an illusion can be broken using intelligent algorithms.