Interactive Agenda: SecurityWeek’s 2021 APAC ICS Cyber Security Conference
Tuesday, June 22, 2021 • 3:15pm - 4:00pm GMT+08
Hacking The Security Protection Mechanism of Siemens SIMATIC S7 PLCs


Siemens SIMATIC PLCs are deployed worldwide in control systems for critical information infrastructure, including energy, water, power, oil and gas, and manufacturing. To protect users' applications and to prevent unauthorized operation, Siemens designed a PLC protection mechanism. It is meant to block attacks from the network and to protect process-specific application programs, the PID parameters of critical equipment, and similar assets. But can it really protect your PLC from attacks, or from theft of intellectual property (algorithms, engineering designs)?

This session focuses on the SIMATIC S7 PLCs, from the S7-200 up to the S7-1200/1500. It discloses in detail the design flaws in the protection mechanism of each series, uses those flaws as a point of attack, and looks for ways to bypass the protection policies, finally capturing the protected PLC application programs, the core intellectual property. Bypassing the protection mechanism also permits various sensitive operations: an attacker can, for example, start and stop the device at will, triggering a chain of reactions that leads to safety incidents.

This presentation will cover:
  • how to bypass the S7-200 security mechanism by disassembling and resoldering the hardware, modifying the flash contents, and creating rogue clients;
  • disclosure of the S7-200 SMART PLC password protection encryption algorithm, and capture of key information from network traffic to crack the protection mechanism;
  • how to find hidden information in S7-300 project files and use it to bypass the security mechanism;
  • building a Windows-based memory dump tool and searching the dump for password information.
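The last bullet, searching a Windows memory dump for password material, is the one step on this page that can be sketched without knowing the PLC internals. The script below is an added illustration, not the speaker's tool: it carves printable ASCII and UTF-16LE runs out of a raw dump and shortlists the string that immediately follows a credential-looking label. The page does not say which process is dumped or how the password is laid out in memory, so the sample dump, the keyword list and the label/value adjacency heuristic are constructed assumptions.

```python
"""
Carve printable strings out of a raw memory dump and flag the ones that
sit next to a credential-looking label.

Added illustration for the "search the dump for password information"
step, not the speaker's tool. The page does not say which process is
dumped or how the password is laid out in memory, so the sample dump
and the keyword list below are constructed assumptions.
"""
import re
from typing import Dict, List, Tuple

# Labels a first-pass filter would look for. Constructed; a real search
# uses whatever field names the engineering software keeps beside the secret.
KEYWORDS = ("password", "passwd", "pwd", "protect")

# Constructed dump fragment: header/noise bytes, UTF-16LE strings of the
# kind Win32/.NET code keeps in memory, and an ASCII key/value pair.
SAMPLE_DUMP = (
    b"\x00" * 16
    + b"MZ\x90\x00"
    + b"\xde\xad\xbe\xef" * 4
    + "ProjectName\x00".encode("utf-16-le")
    + "S7_200_SMART_Demo\x00".encode("utf-16-le")
    + b"\x01\x02\x03"
    + "PLCPassword\x00".encode("utf-16-le")
    + "Siemens#2021\x00".encode("utf-16-le")
    + b"\xff" * 8
    + b"pwd=\x00"
    + b"\x10\x11\x12"
    + b"ascii_secret_99\x00"
    + b"\x00" * 8
)


def carve_strings(dump: bytes, min_len: int = 4) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run of at least
    min_len characters, in both plain ASCII and UTF-16LE, sorted by offset."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE ASCII text is a printable byte followed by a NUL, repeated;
    # the NUL-only terminator (\x00\x00) ends the run.
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(dump):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_re.finditer(dump):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    found.sort(key=lambda item: item[0])
    return found


def find_password_candidates(dump: bytes, min_len: int = 4, window: int = 32) -> List[Dict[str, object]]:
    """For each carved string containing a keyword, report the next carved
    string if it starts within `window` bytes of the label's end. Adjacent
    label/value strings are a common layout in process memory, so this is a
    cheap way to shortlist values for manual review."""
    strings = carve_strings(dump, min_len)
    hits = []
    for i, (off, enc, text) in enumerate(strings):
        if not any(k in text.lower() for k in KEYWORDS):
            continue
        label_end = off + len(text) * (2 if enc == "utf-16le" else 1)
        for next_off, next_enc, next_text in strings[i + 1:]:
            if next_off - label_end <= window:
                hits.append({"label": text, "label_offset": off,
                             "value": next_text, "value_offset": next_off,
                             "encoding": next_enc})
            break  # only the immediately following string is considered
    return hits


if __name__ == "__main__":
    for hit in find_password_candidates(SAMPLE_DUMP):
        print(f"0x{hit['label_offset']:06x} {hit['label']!r} -> "
              f"0x{hit['value_offset']:06x} {hit['value']!r} ({hit['encoding']})")
```

Acquiring the dump is outside the script; on Windows, Task Manager's "Create dump file" or Sysinternals ProcDump will write one, and because memory ranges in a full-memory minidump are stored uncompressed the carving works on the raw file without parsing the minidump streams. The UTF-16LE pass matters more than it looks: Win32 and .NET applications keep most of their strings as wide characters, so a plain `strings`-style ASCII scan misses them. A password that is only ever held hashed or encrypted in memory, as the S7-200 SMART bullet above suggests for the wire format, will not surface this way and needs the algorithm rather than a string search.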


Gao Jian

ICS Security Researcher, GEWU Lab at NSFOCUS
