Alpha Insights, Performance by Design: Understanding Heat at the Core of Every Design
It’s Only Common Sense: Excuses Don’t Pay Invoices
Trouble in Your Tank: Understanding Interconnect Defects, Part 1
TAU and Technion Researchers Hack One of World's Most Secure PLCs
August 12, 2019 | Tel Aviv UniversityEstimated reading time: 2 minutes
Cybersecurity researchers at Tel Aviv University and the Technion Institute of Technology have discovered critical vulnerabilities in the Siemens S7 Simatic programmable logic controller (PLC), one of the world's most secure PLCs that are used to run industrial processes.
Prof. Avishai Wool and M.Sc student Uriel Malin of TAU's School of Electrical Engineering worked together with Prof. Eli Biham and Dr. Sara Bitan of the Technion to disrupt the PLC's functions and gain control of its operations.
The team is slated to present their findings at Black Hat USA week in Las Vegas this month, revealing the security weaknesses they found in the newest generation of the Siemens systems and how they reverse-engineered the proprietary cryptographic protocol in the S7.
The scientists' rogue engineering workstation posed as a so-called TIA engineering station that interfaced with the Simatic S7-1500 PLC controlling the industrial system. "The station was able to remotely start and stop the PLC via the commandeered Siemens communications architecture, potentially wreaking havoc on an industrial process," Prof. Wool explains. "We were then able to wrest the controls from the TIA and surreptitiously download rogue command logic to the S7-1500 PLC."
The researchers hid the rogue code so that a process engineer could not see it. If the engineer were to examine the code from the PLC, he or she would see only the legitimate PLC source code, unaware of the malicious code running in the background and issuing rogue commands to the PLC.
The research combined deep-dive studies of the Siemens technology by teams at both the Technion and TAU.
Their findings demonstrate how a sophisticated attacker can abuse Siemens' newest generation of industrial controllers that were built with more advanced security features and supposedly more secure communication protocols.
Siemens doubled down on industrial control system (ICS) security in the aftermath of the Stuxnet attack in 2010, in which its controllers were targeted in a sophisticated attack that ultimately sabotaged centrifuges in the Natanz nuclear facility in Iran.
"This was a complex challenge because of the improvements that Siemens had introduced in newer versions of Simatic controllers," adds Prof. Biham. "Our success is linked to our vast experience in analyzing and securing controllers and integrating our in-depth knowledge into several areas: systems understanding, reverse engineering, and cryptography."
Dr. Bitan noted that the attack emphasizes the need for investment by both manufacturers and customers in the security of industrial control systems. "The attack shows that securing industrial control systems is a more difficult and challenging task than securing information systems," she concludes.
Following the best practices of responsible disclosure, the research findings were shared with Siemens well in advance of the scheduled Black Hat USA presentation, allowing the manufacturer to prepare.
Share on:
Testimonial
"In a year when every marketing dollar mattered, I chose to keep I-Connect007 in our 2025 plan. Their commitment to high-quality, insightful content aligns with Koh Young’s values and helps readers navigate a changing industry. "
Brent Fischthal - Koh YoungSuggested Items
Real Time with... SMTAI 2025: SPEA Bridges the Gap Between Legacy and Next-Generation Test Solutions
11/10/2025 | Real Time with...SMTAIEstablished in Italy in 1976, SPEA designs and manufactures automatic test equipment for various industries, including automotive, aerospace and defense, medical, consumer electronics, and energy. Recognized as one of Italy’s top-performing companies, SPEA continues to innovate in test automation technology. At SMTAI 2025, Dustin Warren, vice president of sales for SPEA America, discussed how the company is bridging the gap between older in-circuit test (ICT) systems and newer, more advanced testing solutions.
Lockheed Martin Revolutionizes AI Integration with STAR.OS™
11/08/2025 | Lockheed MartinLockheed Martin has made a major breakthrough in artificial intelligence (AI) technology with the introduction of the STAR.OS™ solution, a powerful new tool that enables different AI systems to work together smoothly and effectively.
Learning With Leo: UHDI—The Next Leap in PCB Manufacturing
11/05/2025 | Leo Lambert -- Column: Learning With LeoHigh density interconnect (HDI) technology has been a cornerstone of miniaturized electronics since Hewlett-Packard introduced the first chip-scale implementation in 1982. Over time, HDI processes became central to organic flip-chip packaging in the semiconductor industry. Today, the convergence of IC substrates and system-level PCBs has accelerated the adoption of UHDI.
UHDI Fundamentals: UHDI Technology and Automated Inspection
11/03/2025 | Anaya Vardya, American Standard CircuitsFollowing up on the last article on integrating ultra high density interconnect (UHDI) PCB technologies and Quality 5.0, here we will do a deeper dive into the automated inspection component. UHDI applications demand extreme precision, with line/space dimensions below 25 µm and microvias below 30 µm. Automated inspection systems are essential to achieving the defect-free fabrication required at these scales, and legacy automated inspection systems are becoming obsolete and ineffective.
OSI Systems Reports Fiscal Q1 2026 Financial Results
10/31/2025 | BUSINESS WIREOSI Systems, Inc. announced its financial results for the first quarter of fiscal 2026.