Nope, S7ill Not Secure: Stealing Private Keys From S7 PLCs

Black Hat USA 2024 · Day 1 · Briefing

This talk, presented by Alon Dankner and Nadav Adir from the Technion, examines the continuing security weaknesses of Siemens S7 programmable logic controllers (PLCs), specifically the S7-1500 series, despite Siemens' adoption of TLS 1.3 for secure communication. The research, which marks the team's fourth appearance at Black Hat addressing Siemens PLC security, reveals a critical flaw: the private key can be retrieved directly from an S7-1500 PLC over the network. This capability stems from a specific protocol feature provided by Siemens, which inadvertently undermines the very cryptographic protections that Siemens sought to implement.
