Industrial Protocol Gateways Under Analysis

Conference: BlackHat USA 2020

The presentation discusses the vulnerabilities and security issues in small embedded devices used in smart manufacturing networks, emphasizing the importance of proper configuration and management of these devices.
  • Due to the coronavirus pandemic, the presentation time was reduced to 35 minutes from the original 50 minutes.
  • The presentation highlights the security issues in small embedded devices used in smart manufacturing networks.
  • The vulnerabilities in these devices include lack of encryption, broken authentication, and problems with availability.
  • The presentation emphasizes the importance of correctly configuring and managing these devices, including monitoring traffic and implementing intrusion detection systems.
  • The speaker suggests considering security as an important aspect in product selection and choosing vendors that provide security features.
  • The presentation also discusses the difficulties in debugging attacks on these devices due to the lack of logs and the device's small size.
  • The speaker suggests monitoring not only the TCP/IP side but also the serial side of the devices.
  • The presentation concludes by encouraging awareness of these security issues and the need for improved security in the future.
The speaker notes that although these small embedded devices are far less visible than industrial robots, they play a crucial role in modern smart manufacturing networks, and a failure in one of them can cause serious problems. The speaker emphasizes the need to take care of these devices and not to rely on a single point of control.


With the development of Industry 4.0, legacy devices such as serial control servers or PLCs often need to be interconnected with modern IT networks or with the Internet (e.g. cloud providers). To address this need, protocol gateways convert between ICS protocols, for example to connect an IP-based network to one or more serial devices, and vice versa. While previous research has shown that protocol gateways may suffer from local operating-system vulnerabilities, it is not clear to what extent the protocol conversion itself is resilient to attacks or abuse. To answer this question, we conducted a cross-vendor security evaluation of five popular gateways and discovered several classes of security problems that, when leveraged by adversaries, can damage or negatively impact the operation of industrial facilities. Through our collaboration with a major bug bounty program, we reported nine 0-day vulnerabilities, and we are currently working with the affected vendors on improving the current situation. In this talk, we share the results of our research and discuss the impact of the problems we identified and potential countermeasures.

This is joint work with colleagues Philippe Lin, Ryan Flores, Charles Perine, Rainer Vosseler and external researcher Luca Bongiorni.
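The protocol conversion described in the abstract, and the advice above to monitor both the TCP/IP side and the serial side of a gateway, can be made concrete with a small Python example. It is added here and is not code from the talk or from any vendor; it assumes the most common such conversion, Modbus TCP to Modbus RTU, and uses a constructed request rather than traffic from the research.

```python
import struct

# Constructed sample traffic (not from the talk): a Modbus TCP "read holding registers"
# request for unit 1 (transaction 1, function 3, start address 0, 10 registers) and
# the Modbus RTU frame a correctly behaving gateway should emit on the serial side.
SAMPLE_TCP_ADU = bytes.fromhex("00010000000601030000000a")
SAMPLE_RTU_FRAME = bytes.fromhex("01030000000ac5cd")


def crc16_modbus(data: bytes) -> int:
    """CRC-16 as used by Modbus RTU (init 0xFFFF, reflected polynomial 0xA001)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def tcp_to_rtu(adu: bytes) -> bytes:
    """Translate a Modbus TCP ADU into an RTU frame: drop the 7-byte MBAP header,
    keep unit id + PDU, append the CRC with the low byte first."""
    if len(adu) < 8:
        raise ValueError("ADU too short for an MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0:
        raise ValueError("MBAP protocol id must be 0 for Modbus")
    if length != len(adu) - 6:  # length field counts unit id + PDU bytes
        raise ValueError("MBAP length field disagrees with the frame size")
    body = bytes([unit]) + adu[7:]
    return body + struct.pack("<H", crc16_modbus(body))


def check_serial_side(tcp_adu: bytes, serial_frame: bytes) -> list:
    """What a monitor tapping both sides of the gateway can verify: the frame seen on
    the serial wire must carry the same unit id, function code and data as the TCP
    request that caused it. Returns a list of discrepancies (empty when consistent)."""
    if len(serial_frame) < 4:
        return ["serial frame too short"]
    findings = []
    body, crc = serial_frame[:-2], struct.unpack("<H", serial_frame[-2:])[0]
    if crc16_modbus(body) != crc:
        findings.append("serial CRC invalid")
    expected = tcp_to_rtu(tcp_adu)[:-2]
    if body[0] != expected[0]:
        findings.append(f"unit id {body[0]} != {expected[0]}")
    if body[1] != expected[1]:
        findings.append(f"function code {body[1]} != {expected[1]}")
    if body[2:] != expected[2:]:
        findings.append("request data altered in translation")
    return findings
```

Running `check_serial_side(SAMPLE_TCP_ADU, SAMPLE_RTU_FRAME)` returns an empty list, while a serial frame whose function code or data does not match the TCP request is reported, which is the kind of cross-side discrepancy the talk recommends looking for.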