Hacking SCADA: How We Attacked a Company and Lost them £1.6M with Only 4 Lines of Code

INSINIA’s latest research and talks reviewed 25 years of industrial control kit, going back to the days of proprietary equipment and X21 connections before discussing proof-of-concept attacks.

In 2018 INSINIA gave this talk and variants of it at BSides London, Defcon 26, Confidence Poland and Steelcon to name a few.

The research was focused on an INSINIA developed device that automatically scans networks and shuts down components. The “weaponised” Arduino micro-controller looks like a regular programmable logic controller (PLC) to other devices on the network. If it is physically planted on a targeted environment, it can quickly enumerate networks before sending stop commands. It can kill industrial processes with only four lines of code.

A good write up of the London talk can be found here:

Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure

A recording of the DefCon 26 talk can be found here:

In 2019 INSINIA will release the next round of research into industrial and IoT security which looks at low-level software vulnerabilities and issues in proprietary wireless protocols.