Scheduled on: February 4 at 11:00
Industrial routers are widely used in factories, power stations, manufacturing automation, ATMs and other industries to provide connectivity between different parts of manufacturing infrastructures. In such crucial areas of use, security is very important, because the cost of experiencing a security flaw is usually high. Industrial routers, just like all other routers, support a lot of network connection protocols: HTTP server for configuration and diagnostics, SSH/Telnet, FTP, SNMP and others. Modern routers also feature cellular support, as their location could be at a remote site or in a vehicle (i.e. a locomotive). Additionally, many industrial routers support vendor-specific proprietary network protocols for solving special tasks. Vulnerabilities in such network services may allow potential malefactors to gain access to critical industrial networks. Nowadays there are many solutions for industrial networks available in the market. In this presentation, I would like to talk about our research into one particular router - The Digi WR21 Wireless Router. This router is managed by a custom proprietary operating system - Sarian OS. I will focus mostly on revealing the internal workings of the OS, including network protocol implementations, security features, and a demonstration of the vulnerabilities that were identified during the research.