How we hacked a $100K Gas Chromatograph without having it, and how you can do it too
The challenge in ICS/OT is getting your hands on rare and expensive equipment. That’s why we developed a couple of methods to research devices based solely on their firmware, without physically owning the esoteric devices.
During this presentation, we will delve into our exploration of a Gas Chromatograph valued at $100,000. Chromatography is a discipline employed to differentiate between various constituents within a substance. One notable aspect of such equipment is its Ethernet capability, which opens the opportunity for remote, network-based attacks.
How do we approach identifying vulnerabilities in such equipment? The solution lies in disassembling the firmware from the ground up and mapping key components to enable full device emulation. Fortunately, the firmware was accessible online, enabling us to both simulate the core functionality of the chromatograph and reconstruct internal structures and proprietary protocols, all without the need for the physical peripherals.