CyberX Security Researchers Demonstrate Exfiltration of Reconnaissance Data from Air-Gapped ICS/SCADA Networks

The security research team at CyberX, provider of the most widely-deployed industrial cybersecurity platform for continuously reducing industrial control system (ICS) risk, demonstrated a stealthy hack at Black Hat Europe 2017 that once again shattered the myth of the air-gapped ICS network.

During their presentation “Exfiltrating Reconnaissance Data from Air-Gapped ICS/SCADA Networks”, CyberX VP of Research David Atch and security researcher George Lashenko showed how specially crafted ladder logic code, once injected into Programmable Logic Controllers (PLCs), generates encoded radio signals that ordinary AM radios can receive, allowing sensitive data to be exfiltrated from air-gapped networks. This crafty technique could be used to exfiltrate corporate trade secrets such as proprietary formulas, military secrets such as nuclear blueprints, and reconnaissance data for use in future destructive attacks, such as details about ICS network topologies and device configurations.

The CyberX team has made the materials from the air-gapped exfiltration simulation publicly available for the benefit of the ICS/SCADA security community:

  • Learn more about how CyberX became the first ICS security vendor to demonstrate a live ICS/SCADA security exploit at Black Hat here.
  • View the white paper for Exfiltrating Reconnaissance Data from Air-Gapped ICS/SCADA Networks here.
  • Click on the image below to access the complete slide deck presented at Black Hat, “Exfiltrating Reconnaissance Data from Air-Gapped ICS/SCADA Networks”.
  • Watch the step-by-step demo of the simulated air-gap exfiltration below:

Interested in learning how CyberX can protect your ICS/SCADA environment from hacks like this? Request a demo of our ICS/SCADA cybersecurity platform.