RPE: The rIoT in the Factory
Date: TBD, 2019 | Location: DreamPort Facility in Columbia MD
Bastille Day is a nationally recognized holiday in France celebrated each year on July 14th. As Time Magazine tells us, its origins trace back to the storming of the Bastille prison in 1789, which was widely believed to be one of the first defining moments of the French Revolution. What many do not realize, though, is that there were influential events that occurred even before July 14th, 1789. Rachel Jank wrote in 2011 that the Réveillon Riots have only recently been cited as an influential event precipitating the French Revolution, and they occurred before the storming of the Bastille. These riots took place between April 23rd and 28th, 1789. Never heard of the Réveillon Riots? That's OK, how about the Boston Massacre? The History Channel tells us that the Boston Massacre occurred on 5 March 1770. As they write, 'The conflict energized anti-Britain sentiment and paved the way for the American Revolution.' What happens during a riot? We can only imagine: confusion, panic, danger and worry. What do you do if you find yourself in a riot? How do you protect yourself? What dangers do you face first?
The Internet of Things and companion operational technology present a new swath of challenges for network defenders to tackle. How do we ensure that the devices in our Information Technology (IT) networks, including those with wireless radios (Zigbee/Z-Wave, Wi-Fi, and Bluetooth), and those in our operational technology (OT) networks are not vulnerable to exploitation or misuse?
Wireless devices can be vulnerable to over-the-air (OTA) exploitation that reveals critical information (e.g. Wi-Fi encryption keys), or they can be exploited and used as redirectors. OT devices may not be subject to the same security standards. OT devices can be exploited and used as redirection points into the network or even attacked and destroyed. Each device within your building should be considered a threat if it connects to the network, which leads to a literal riot of activity if you are under direct and sustained attack.
In this RPE, DreamPort will set up a series of IT and OT devices connecting into our experiment network, such as you will find in a small to medium manufacturer (SMM). For example, connected to this fictitious factory network will be servers, PCs (and laptops), and digital manufacturing devices (e.g. 3D printers, CNC routers and a variety of digital sensors). Participants should be prepared to attempt to survey and potentially exploit these digital devices using traditional IT offensive cyber techniques and less understood OT exploitation of devices containing IoT technology (e.g. 900 MHz RF, Zigbee, Z-Wave, Bluetooth and Wi-Fi) and programmable logic controllers (PLC).
While this RPE is not designed to find vulnerabilities in COTS OT or IoT technology, if any are discovered, we will follow the DreamPort responsible disclosure policy to alert vendors in a timely fashion. Regardless, at least one hand-made IoT device will be vulnerable to exploitation.
The goal for this RPE is for a participating team to gain remote access into this experiment network and steal or alter one or more pieces of intellectual property (e.g. GCode for CNC router, STL files for 3D Printing, Source Code or other files from workstations).
This RPE will follow the DreamPort responsible disclosure policy if any discoveries are made involving commercial off-the-shelf technology or products. Participants must agree to this disclosure policy if they wish to participate in this competition.
There is only offense in this RPE. Participants will be evaluated on the principal goal of gaining remote access to this experiment network through an IoT device or by misusing a device to gain unauthorized access to protected information (e.g. Wi-Fi key).
Participants must prepare to provide the following items:
- Proof of exploitation (files modified or stolen)
- Description of the vulnerability
- Exploit Code
- Private demonstration if requested
- Network Survey
- Nmap NSE Scripting
- Open Source IoT/SCADA/PLC device discovery
- Vulnerability Discovery
- Offensive Cyber
- Metasploit/RouterSploit/PowerShell Empire, etc.
There is no single expected solution for this RPE. We are primarily searching for products, projects or techniques for vulnerability survey of IoT and OT networks. Vulnerability survey of traditional IT assets is a secondary outcome, but something we are interested in as well. In the event a participant discovers an exploit in an IoT or OT product, we will follow, and require participants to follow, the responsible disclosure policy DreamPort has defined.