Critical Architectural Vulnerabilities in Siemens SIMATIC S7-1500 Series Allow for Bypass of All Protected Boot Features

Discover critical architectural vulnerabilities in the Siemens SIMATIC S7-1500 series PLCs that could allow attackers to bypass all protected boot features. Red Balloon’s research reveals that these flaws enable persistent arbitrary modifications of operating code and data, posing significant risks in industrial environments. With the potential for offline attackers to generate bootable firmware for over 100 different CPU modules, the implications are alarming. Siemens has acknowledged these vulnerabilities and is working on solutions. Learn more about the findings, the affected devices, and the recommended mitigations to safeguard your systems against these threats.
How to Instantly Accomplish Your New Year’s Resolution to Try Out OFRAK

Recently, we improved the OFRAK Python package and dependency handling, resulting in the quicker installation of more functionality.
Exploring OFRAK’s Minimap View

A bird’s eye view of firmware binaries can help an engineer situate themselves and accelerates analysis with OFRAK’s Minimap view.
NAND Flash Dumps Made Easier with OFRAK

It is now possible to unpack, modify, and repack a raw flash dump while utilizing all of the power of current OFRAK. Learn more.
DEF CON 30 Badge Fun with OFRAK

The TL;DR? We used OFRAK to rewrite the badge firmware so that it auto-plays the solution for Challenge 1. Check out our video and full breakdown.
Embedded Systems and Aerospace & Satellite Cybersecurity

Red Balloon Security White Paper. Defending From Within: Why Embedded Systems Are Essential to Achieving Space and Satellite Cybersecurity. Table of Contents: Executive Summary; State of Cybersecurity in Space and Satellite Systems; The Global Landscape; Shaping a Safer Future; Red Balloon Security Investigations; CyberLeo 2022; Defend from Within: Symbiote Embedded Defense for Satellite […]
ICS-CERT vulnerability analysis

What’s in a vulnerability: Evaluating host-based defense through recent ICS device data. We analyzed data from the National Vulnerability Database to assess the applicability of on-device security features. Whether they are discovered by independent researchers, manufacturers, or cyber attackers, device vulnerabilities traditionally have been remedied via patching. Although reactive, patching’s effectiveness is easy enough to […]
Why embedded device security is essential to ICS systems

Protections at the device level are not a replacement for security controls in OT systems and networks. They’re a necessary extension of them. Embedded devices in industrial control systems (ICS) operate within an increasingly complex array of systems, networks and protocols. The complexity is only increasing as end users require more insight into how ICS […]
Symbiote Injection Process

Multi-step analysis and calibration: How Symbiote integration works. RBS’s core technology is highly effective in any embedded device environment, from cars to heavy industry, because it does not require access to source code, or any hardware modifications. On-device security is still controversial. Some industry professionals and manufacturers push back against the very idea of it […]
A security assessment of protection relays uncovers cybersecurity weaknesses

The electrical grid depends on protection relays. Our analysis of the hardware and firmware in three models should raise concerns about the state of the industry’s overall security — and safety. Ask any Texan who endured the power outages during a severe winter storm in February 2021 about the critical nature of the electrical grid, […]