Ghost in the PLC vs GhostBuster: on the feasibility of detecting pin control attack in Programmable Logic Controllers

Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. Similar to other embedded devices, PLCs are vulnerable to cyber attacks. Because they are used to control the physical processes of critical infrastructures, compromised PLCs constitute a significant security and safety risk. Previously we introduced specific attack against PLCs which can stealthily manipulate the physical process it controls by tampering with the device I/O at a low level. We implemented different variants of the attack in the form of a rootkit and a user-space malicious code over a candidate PLC. We then move forward with a tailored defense which specifically detect modification of PLCs I/O to detect our attack.