Data Info

The [TechnoPandas] team, which consists of the Positive Technologies specialists, took first place at the CTF contests, which were held during HITBSecConf in Amsterdam.

During the whole two days (they stopped just for a nap break), the teams competed in task-based CTF. The organizer of the contests was a well-known Dutch team named Eindbazen, which took part in PHDays 2012 and has been invited to PHDays III.

Some of Eindbazen also participated in HITBSecConf CTF as members of other teams. hack.ERS being one of such teams took second place. Third place went to More Smoked Leet Chicken, a Russian team that consists of former Leet More and Smoked Chicken. Note that it was the Leet More members who won PHDays CTF 2012.

Almost at the very beginning [TechnoPandas] came to the fore preventing other participants from taking the lead and, eventually, took first place. However, hack.ERS and More Smoked Leet Chicken were found struggling hard for second place.

Scoreboard

HITBSecConf is a conference devoted to information security issues. The conference is held twice a year: once in Amsterdam and once in Kuala Lumpur, Malaysia. In April in the capital of the Netherlands, the fourth conference was held. Apart from CTF contests, the program included numerous reports and hands-on labs oriented towards different aspects of information security.

During a security analysis, Positive Technologies specialists detected a critical security error in the Emerson DeltaV distributed control system. While having access to the system, an intruder is able to read and replace its configuration files, and to run commands with any users rights. The vulnerability affects DeltaV versions 10.3.1, 11.3 and 12.3. Emerson’s DeltaV is a general purpose process control system that is used worldwide primarily in the oil and gas and chemical industries.

More information about the security error can be found in the CERT bulletin ICSA-14-133-02. The Positive Technologies experts Kirill Nesterov, Alexander Tlyapov, Dmitry Nagibin, Alexey Osipov and Timur Yunusov discovered the vulnerability.

Emerson issued a patch that mitigates errors and a notice, where information about the vulnerability and recommendations on removal of possible exploitation consequences can be found.

In addition, ICS-CERT specialists recommend Emerson DeltaV users to limit access to their networks from outside, protect the networks with firewalls and use secure protocols (for example, VPN) when set up a remote access.

Emerson is a global manufacturing and technology company offering multiple products and services in the industrial, commercial, and consumer markets through its network power, process management, industrial automation, climate technologies, and tools and storage businesses.

This is not the first time when Positive Technologies specialists have detected critical vulnerabilities in production systems. Previously, Siemens released several patches to fix a number of serious vulnerabilities in certain systems, including ICS (development tools and HMI). Moreover, Positive Technologies experts helped to fix high-risk vulnerabilities in Wonderware Information Server by Invensys, which is a part of a unified solution for building SCADA and HMI systems.

Huawei thanked the Positive Technologies experts Timur Yunusov and Kirill Nesterov and the information security specialist Alexey Osipov, who detected a harmful vulnerability in Huawei 4G USB modems (E3272s) and helped to fix it.


Upon the research, the Chinese telecommunications equipment company issued a software update for the device.

According to the Huawei PSIRT bulletin, a potential intruder can block the device by sending a malicious packet. The Positive Technologies researchers claim that the vulnerability may lead to a DOS attack and remote arbitrary code execution via an XSS attack or stack overflow.

In late 2014, Positive Technologies specialists carried out a large-scale research on vulnerabilities in 4G USB modems, which included investigation of six different series of devices (including Huawei E3272s) with 30 various types of firmware.

By exploiting detected flaws, an intruder can gain rights on a remote modem, take control over the computer connected to the vulnerable modem, and obtain access to the subscribers account in the mobile operators portal. Moreover, attacks on SIM cards via binary SMS messages allow an attacker to intercept and decrypt a subscribers traffic, track his or her location, and block the SIM card. Timur Yunusov covered attacks on 4G network equipment in his speech at PHDays V in May 2015. You can watch his presentation Bootkit via SMS: 4G Access Level Security Assessment on Positive Technologies page on YouTube.

This is not the first research on the safety of telecommunications equipment and mobile network conducted by Positive Technologies experts. In January 2015, Evgeny Stroev issued a report on severe SNMP vulnerabilities in network equipment produced by Huawei and H3C. Those vulnerabilities allowed penetrating a corporate network of any company, including a technological network of a mobile carrier.

A research, carried out by Dmitry Kurbatov, Sergey Puzankov, and Pavel Novikov in February 2015, revealed that a good few of 2G and 3G mobile networks can be accessed via the internet because of open GTP ports and other open data transfer protocols (FTP, Telnet, HTTP). An attacker can connect to the node of a mobile network operator by exploiting vulnerabilities (for example, default passwords) in these interfaces.