TAU and Technion Researchers Hack One of World's Most Secure PLCs
August 12, 2019 | Tel Aviv University
Cybersecurity researchers at Tel Aviv University and the Technion Institute of Technology have discovered critical vulnerabilities in the Siemens S7 Simatic programmable logic controller (PLC), one of the most secure PLCs in the world, used to run industrial processes.
Prof. Avishai Wool and M.Sc. student Uriel Malin of TAU's School of Electrical Engineering worked together with Prof. Eli Biham and Dr. Sara Bitan of the Technion to disrupt the PLC's functions and gain control of its operations.
The team is slated to present their findings at Black Hat USA week in Las Vegas this month, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7.
The scientists' rogue engineering workstation posed as a so-called TIA engineering station that interfaced with the Simatic S7-1500 PLC controlling the industrial system. "The station was able to remotely start and stop the PLC via the commandeered Siemens communications architecture, potentially wreaking havoc on an industrial process," Prof. Wool explains. "We were then able to wrest the controls from the TIA and surreptitiously download rogue command logic to the S7-1500 PLC."
The researchers hid the rogue code so that a process engineer could not see it. If the engineer were to examine the code from the PLC, he or she would see only the legitimate PLC source code, unaware of the malicious code running in the background and issuing rogue commands to the PLC.
The research combined deep-dive studies of the Siemens technology by teams at both the Technion and TAU.
Their findings demonstrate how a sophisticated attacker can abuse Siemens' newest generation of industrial controllers, even though these were built with more advanced security features and supposedly more secure communication protocols.
Siemens doubled down on industrial control system (ICS) security in the aftermath of the Stuxnet attack in 2010, in which its controllers were targeted in a sophisticated attack that ultimately sabotaged centrifuges in the Natanz nuclear facility in Iran.
"This was a complex challenge because of the improvements that Siemens had introduced in newer versions of Simatic controllers," adds Prof. Biham. "Our success is linked to our vast experience in analyzing and securing controllers and integrating our in-depth knowledge into several areas: systems understanding, reverse engineering, and cryptography."
Dr. Bitan noted that the attack emphasizes the need for investment by both manufacturers and customers in the security of industrial control systems. "The attack shows that securing industrial control systems is a more difficult and challenging task than securing information systems," she concludes.
Following the best practices of responsible disclosure, the research findings were shared with Siemens well in advance of the scheduled Black Hat USA presentation, allowing the manufacturer to prepare.