"Hackers Can Extract Private Encryption Keys and Completely Takeover Siemens Industrial Devices"

Researchers from Claroty's Team82 found a way to compromise the entire Siemens SIMATIC S7-1200/S7-1500 product line by extracting the private encryption keys stored on Siemens industrial devices. Siemens began storing global hardcoded cryptographic keys in these devices a decade ago to protect software and hardware integrity. To spare users and integrators the complexity of key management systems, which did not yet exist for industrial control systems at the time, the manufacturer chose to hardcode the credentials. As threats grew and technology advanced, that practice became unsafe and now presents an unacceptable risk.

A critical flaw, tracked as CVE-2022-38465, could allow attackers to recover the global private key through an offline attack. With that key, they could launch numerous sophisticated attacks against Siemens SIMATIC S7-1200 and S7-1500 Programmable Logic Controllers (PLCs) and associated products, enabling a full takeover. Because the key is shared across the product line, an attacker who extracts it from one device gains complete control over every PLC in the affected Siemens product line. Hardcoded encryption keys could thus be used by a threat actor to circumvent all of the devices' security measures and mount complex attacks on industrial equipment. For nation-state attackers interested in conducting cyberwarfare against an opponent's critical infrastructure, this weakness is especially attractive.

This article continues to discuss the possible extraction of private encryption keys from Siemens industrial devices and the resulting potential compromise of Siemens product lines.

CPO Magazine reports "Hackers Can Extract Private Encryption Keys and Completely Takeover Siemens Industrial Devices"
