SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber incidents, analyze their causes and cooperate on solutions.


Exfiltrating Reconnaissance Data from Air-Gapped ICS/SCADA Networks By Injecting Ladder Logic Code into PLCs

First presented at SecurityWeek’s 2017 ICS Cyber Security Conference, this presentation explains how specially crafted ladder logic code can be injected into a Siemens S7-1200 PLC. The injected code uses memory copy operations to generate frequency-modulated RF signals slightly below the AM broadcast band (340 kHz to 420 kHz), where the modulation carries encoded reconnaissance data. The signal can then be picked up by a nearby antenna and decoded with a low-cost Software-Defined Radio (SDR) and a PC. The receiving equipment can be located just outside the facility or even mounted on a drone flying overhead.
