Power of Community: new ACS or Choo Choo PWN attacks in Korea

Choo choo
In recent years, the most developed countries of this region (South Korea, Japan, China, Taiwan, Singapore) occupy leading world positions in the production and implementation of high-speed land transport. Electronic-stuffed trains, such as Hyundai, Series E5 Hayabusa, CRH 380 Series, literally fly between Asian cities, covering 300 kilometers or more in an hour.

It is difficult to imagine the consequences of a disaster or possible damage if cyberterrorists try to attack modern transport systems. Meanwhile, the developers of such systems still do not pay enough attention to security issues, which was demonstrated during the Choo Choo PWN contest, which arrived on tour in Seoul.
The Choo Choo Pwn booth created in Positive Technologies laboratory is a model of a gaming railway, all of whose elements, from trains to barriers and traffic lights, are controlled by an automated process control system assembled on the basis of three SCADA systems.

It was not so easy to deliver everything we needed to Korea (and the assembly of the stand took a whole day), but we coped with this task.

Participants from different countries were supposed to gain access to the railway model and container loading control system, exploiting vulnerabilities of industrial protocols and bypassing the authentication of SCADA systems and web interfaces of industrial equipment. Having gained access to the ACS TP network, HMI, or industrial controllers, the contestants had to disrupt the operation of certain parts of the railway layout or take control of the target systems. In addition, they needed to disable CCTV cameras.

More than 30 information security experts took part in the hacking of the Choo Choo PWN stand. The winners were several people at once. Lim Jung Won, Hee-chan Lee and Eun-chang Lee discovered weaknesses in the Modbus protocol and gained control over the crane loading system for containers, which was controlled using products from Siemens (Simatic WinCC flexible 2008) and ICP DAS (remote device input-output). Grace Kim, Jenny Kim and Chin Bin In, in turn, gained access to the railway model management system, having discovered and implemented security flaws in Siemens WinCC 7.0 SP2 and in the Siemens SIMATIC S7-1200 controller (S7 protocol).
Special prizes were awarded to Jonas Zaddach, who used the zero-day vulnerability in the S7-1200 PLC to conduct a DoS attack, and his colleague Lucian Cojocar, who found it. It is worth noting Jenny Kim - the only girl among the winners who amazed everyone with her determination and perseverance. And Lim Jung Won was the first to understand the Modbus protocol and write a semi-automatic script for controlling a rail loading crane.
SCADA Security
A report by Techniques of Attacking Real SCADA & ICS Systems , presented by Positive Technologies experts, covered the same topic. Alexander Timorin, Yuri Goltsev and Ilya Karpov shared the latest research results in the field of security of industrial protocols of SCADA systems and rich practical experience in auditing information systems of vital infrastructure facilities.
The presentation by Sergey Gordeychik and Alexei Moskvin, who presented the report Automatic Exploit Generation for Application Source Code Analysis, was also of great interest .

During this presentation, students learned about a new technology for analyzing source code, which allows automating the search for vulnerabilities, the detection of bookmarks and undeclared features in applications.
In addition, at POC'2013, two new high-tech Positive Technologies software products localized for the South Korean market were presented: PT Application Firewall, a firewall combining traditional black and white lists with the latest self-learning capabilities, as well as PT Application Inspector, security monitoring system applications combining the benefits of static, dynamic and interactive source code analysis.
Female CTF
It should be noted that within the framework of Power of Community 2013 the most original competitions based on the principles of Capture the Flag are traditionally held: the country of morning freshness presented the world with CTF Power of XX, where only girls participate.

The best of them, members of the SecurityFirst team from Song Jong Hyang University (Kim Aae-sol, Kim Ji-young, Kim Hak-soo, Park Sae-yan, Park Jeong-min), can be met in Russia in May 2014 - the winners of the Seoul CTF this time fall into the main tournament draw PHDays 2014 CTF directly, bypassing the qualifying round.
PS The Choo Choo Pwn contest was designed specifically for the international forum PHDays III, the preparation of which you can learn from our film: