The vulnerability was discovered by researchers at the embedded device security firm Red Balloon Security after they spent more than a year developing a methodology to evaluate the S7-1500’s firmware, which Siemens has encrypted for added protection since 2013. Firmware is the low-level code that coordinates hardware and software on a computer. The vulnerability stems from a basic error in how the cryptography is implemented, but Siemens can’t fix it through a software patch because the scheme is physically burned onto a dedicated ATECC CryptoAuthentication chip. As a result, Siemens says it has no fix planned for any of the 122 S7-1500 PLC models that the company lists as being vulnerable.  Siemens says that because the vulnerability requires physical access to exploit on its own, customers should mitigate the threat by assessing “the risk of physical access to the device in the target deployment” and implementing “measures to make sure that only trusted personnel have access to the physical hardware.” The researchers point out, though, that the vulnerability could potentially be chained with other remote access vulnerabilities on the same network as the vulnerable S7-1500 PLCs to deliver the malicious firmware without in-person contact. The Stuxnet attackers famously used tainted USB thumb drives as a creative vector to introduce their malware into “air-gapped” networks and ultimately infect then-current S7-300 and 400 series PLCs. “Seimans PLCs are used in very important industrial capacities around the world, many of which are potentially very attractive targets of attacks, as with Stuxnet and the nuclear centrifuges,” says Grant Skipper, a Red Balloon Security research scientist. The ubiquity and criticality of S7-1500 PLCs are the two traits that motivated the researchers to do a deep dive into the security of the devices. To a motivated and well-resourced attacker, any flaws could be worth exploiting. “The encrypted firmware means that without a lot of effort, you don’t have any insight inside a device, so we wanted to see what was hiding in the 1500 product line,” says Red Balloon Security research scientist Yuanzhe Wu. “The devices use a dedicated cryptography coprocessor to verify the encrypted firmware that’s loaded on the device, decrypt the firmware, and let the device boot. However, we found vulnerabilities that an attacker could abuse to make the crypto coprocessor act like an oracle to decrypt firmware and then help tamper with it to make malicious modifications.” “This separate crypto core is a very rudimentary chip. It’s not like a big processor, so it doesn’t really know who it’s talking to or what’s going on in the broader context,” Red Balloon’s Skipper says. “So if you can tell it the right things that you observed the processor telling it, it will talk to you as if you are the processor. So we can get in between the processor and the crypto core and then we basically tell it, ‘Hey, we are the processor and we are going to give you some data and we want you to encrypt it.’ And the little crypto core isn’t going to question that. It just does it.” Siemens notes that the vulnerabilities are not related to the company’s own firmware update process and do not give attackers the ability to hijack that distribution channel. But the fact that any S7-1500 can become a firmware-blessing oracle is significant and bestows a power that individual devices should not have, undermining the whole purpose of encrypting the firmware in the first place. “S7s should not be able to re-encrypt firmware for other S7s,” says Ang Cui, Red Balloon Security’s founder and CEO. “This is a fundamental design flaw and a significant implementation error.” While Siemens isn’t directly releasing any fixes for the vulnerability, the company says it is in the process of releasing new-generation processor hardware that fixes the vulnerability for several S7-1500 models. And the company says it is “working on new hardware versions for remaining PLC types to address this vulnerability completely.” The Red Balloon researchers say they have not yet been able to independently validate that the vulnerability has been fixed in this latest S7-1500 hardware. Still, the Red Balloon Security researchers say that it would be possible for Siemens to release a firmware audit tool for any PLC to check whether there has been tampering on the device. Since the vulnerability will persist on impacted devices, such a feature would give S7-1500 owners more insight into their PLCs and the ability to monitor them for suspicious activity. “It’s the same movie, just a different day,” says Red Balloon’s Cui. “Does very complicated, exotic hardware security improve overall security? Well, if you do it right, it could help, but I haven’t seen any human do it right. When you do it wrong, it always becomes a double-edged sword—and the edge of that sword is very sharp.” Though Siemens says it is addressing the S7-1500 vulnerability in new models, the population of vulnerable 1500s in industrial control and critical infrastructure systems around the world is extensive, and these units will remain in use for decades. “Siemens is saying that this will not be fixed, so it’s not just a zero day—this will remain a forever day until all the vulnerable 1500s go out of service,” Cui says. “It could be dangerous to leave this unaddressed.”