Cyber crooks can play Tic-Attack-Toe on your crucial devices

Attacking your crucial devices? It’s child’s play — literally.

Researchers showed how they could play the game tic-tac-toe on an essential piece of industrial computer equipment.

Here’s why that could be problematic and possibly even dangerous.

Watch here:

Tic-attack-toe

Take a crucial piece of industrial equipment and turn it into a video game.

Researcher Tobias Scharnowski showed how his team did that — on a very limited scale — at the S4 cybersecurity conference in Miami last month.

The team, lead by Ali Abbasi of Ruhr University Bochum in Germany, found a way to get into a programmable logic controller, or PLC, as it is starting up.

“It’s going to be a tic-tac-toe field,” Scharnowski said in his presentation, as the audience broke out in laughter. “Playing tic-tac-toe.”

Though tic-tac-toe is a simple game, it shows what attackers might be able to do with one of the basic building blocks of your critical infrastructure.

Winners and Losers

The attack means that spies and crooks can potentially get into these crucial devices in an unexpected way, leaving things like your water, power and gas vulnerable.

“Instead of doing like some fun creativity with that, you could also have some more malicious creativity and potentially cause a lot of damage,” Scharnowski told Archer News.

“I’m not an expert in this kind of domain,” he added. “But if you have the wrong kind of mixes of chemicals, for example, if you had like a robotic arm do something wrong or something like this, would obviously be yeah, physical damage could occur and pretty much disaster.”

What Are the Odds?

Does this mean we need to track down each one of these devices for every traffic light, water system, gas pump, factory and power plant and change them out to keep cyber attackers from shutting it all down?

No, according to Jake Brodsky, industrial control systems security engineer at Jacobs, who also spoke at the conference.

“This is not something that someone from the other side of the planet can do from his mother’s basement. It’s not like that,” he said to Archer News. “You have to get pretty close to it.”

You have to be able to touch it, insert cables, start it up and attack during the first second.

An attacker could grab the device before it arrives at a factory, Scharnowski explained, and use the security hole to take control in a supply chain attack.

But it’s “not the highest” probability attack, he said.

Research Wasted?

The research is still valuable, Brodsky said.

“The security researchers are actually doing us a huge favor by getting involved in this, by saying, ‘You know, the code’s pretty loose,’ and, ‘What happens if we go beyond this boundary?’” he said. “‘There’s all kinds of crazy things you can do to this.’”

That could mean better code for PLCs.

“I get very concerned of the coding quality,” Brodsky said. “We need to come up with better ways and safer defensive methods of coding so that we can build more resilient systems.”

For Scharnowski, more attention to security problems in industrial computers is a big win.

“I’m trying to make a contribution towards raising the awareness,” Scharnowski said. “That would already be a pretty cool result of that.”

Addressing the Vulnerability

The team conducted their research on a Siemens PLC.

The company issued an advisory in November 2019 about “Hardware based manufacturing access on S7-1200 and S7-200 SMART.”

“Siemens is working on a solution and recommends specific countermeasures until the solution is available,” the advisory said.

The Industrial Control Systems Computer Emergency Response Team, or ICS-CERT, also issued an advisory on this vulnerability  in November 2019.

Scharnowski said his team is publishing a tool that will help people check their PLCs for this kind of attack.

He said awareness — just knowing that it is happening — is helpful, too.

Main image: Tic-tac-toe game on a computer screen. Image: Alengo/iStock