Ghost in the PLC: Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack

Input/Output is the mechanisms through which embedded systems interact and control the outside world. Particularly when employed in mission critical systems, the I/O of embedded systems has to be both reliable and secure. Embedded system’s I/O is controlled by a pin based approach. In this paper, we investigate the security implications of embedded system’s pin control. In particular, we show how an attacker can tamper with the integrity and availability of an embedded system’s I/O by exploiting cerain pin control operations and the lack of hardware interrupts associated to them.