Focus Areas: Hardware Security, Application Security, Industrial Control Systems Security, IoT Security, Reverse Engineering, Web Application Security
Abstract
Human Machine Interfaces (HMIs) have direct access to SCADA databases, including critical software programs. The majority of SCADA systems have web-based HMIs that allow humans to control SCADA operations remotely over the Internet. This talk will unveil various flavors of undisclosed vulnerabilities in web-based SCADA HMIs, including but not limited to remote or local file inclusions, insecure authentication through clients, weak password hashing mechanisms, firmware discrepancies, hardcoded credentials, insecure web services, weak cryptographic design, cross-site request forgery, and many others.