TID-411: Weak/Insecure Cryptographic Protocol
Threat Description
The device uses a cryptographic protocol or algorithm that is weak or insecure and can be broken or undermined. This can allow a threat actor to recover plaintext from encrypted communications, extract cryptographic keys, or bypass authentication mechanisms that depend on the protocol.
A threat actor can attack such protocols with a range of techniques, including brute-force guessing of keys, cryptanalysis of captured ciphertext, and, where an unauthenticated mode of operation is used, modifying or reordering ciphertext without knowing the key.
Threat Maturity and Evidence
Known Exploitable Weakness
Wi-Fi hack caused TK Maxx security breach
“TK Maxx’s parent company, TJX, had secured its wireless network using Wired Equivalent Privacy (WEP) — one of the weakest forms of security for wireless LANs… hackers cracked the WEP encryption protocol used to transmit data between price-checking devices, cash registers and computers at a store in Minnesota.”
CWE
CVE
Empirical Study of PLC Authentication Protocols in Industrial Control Systems
Researchers Adeen Ayub, Hyunguk Yoo, and Irfan Ahmed discovered eight protocol-level authentication vulnerabilities across five PLCs. One of the classes of vulnerabilities they discovered was weak encryption schemes.
OT-ICEFALL - CVE-2022-30273
“The MDLC protocol offers a legacy encryption mode that encrypts traffic using the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode, which offers no message integrity and reduced confidentiality.”
OT-ICEFALL - Weak Cryptography on CODESYS V3
“The encryption scheme uses an insecure mode of operation. The code is encrypted in ECB mode without additional cryptographic authentication and integrity over the ciphertext as a whole.”
OT-ICEFALL - CVE-2022-29955
“The BSAP/IP protocol uses weak encryption to transmit passwords.”
OT-ICEFALL - CVE-2022-29960
“DES with hardcoded cryptographic keys is used to protect system credentials, engineering files, and sensitive utilities.”
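The ECB weakness cited above for the MDLC legacy mode (CVE-2022-30273) and for CODESYS V3, shown as an added example that is not code from either product, from OT-ICEFALL, or from this page: a from-scratch TEA implementation run in ECB mode over a constructed three-record command message, followed by an HMAC tag added in encrypt-then-MAC fashion. The key, MAC key, record layout and all function names are assumptions for illustration only.

```python
"""Why TEA (or any block cipher) in ECB mode gives "no message integrity and
reduced confidentiality". Constructed example, not code from the products
named in the advisories. TEA is written out from the published algorithm
(64-bit block, 128-bit key, 32 rounds) purely to show the mode's weaknesses.
"""
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF
DELTA = 0x9E3779B9
BLOCK = 8  # TEA block size in bytes


def tea_encrypt_block(block: bytes, key: bytes) -> bytes:
    """Encrypt one 8-byte block under a 16-byte key (big-endian words)."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(32):
        s = (s + DELTA) & MASK32
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK32
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK32
    return struct.pack(">2I", v0, v1)


def tea_decrypt_block(block: bytes, key: bytes) -> bytes:
    """Inverse of tea_encrypt_block: undo the rounds in reverse order."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = (DELTA * 32) & MASK32
    for _ in range(32):
        v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK32
        v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK32
        s = (s - DELTA) & MASK32
    return struct.pack(">2I", v0, v1)


def _blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of 8 bytes")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def tea_ecb_encrypt(data: bytes, key: bytes) -> bytes:
    # ECB: each block is encrypted independently under the same key, so equal
    # plaintext blocks always produce equal ciphertext blocks.
    return b"".join(tea_encrypt_block(b, key) for b in _blocks(data))


def tea_ecb_decrypt(data: bytes, key: bytes) -> bytes:
    return b"".join(tea_decrypt_block(b, key) for b in _blocks(data))


def repeated_blocks(ct: bytes) -> list:
    """Index pairs of identical ciphertext blocks: what a passive observer sees."""
    bs = _blocks(ct)
    return [(i, j) for i in range(len(bs)) for j in range(i + 1, len(bs)) if bs[i] == bs[j]]


def swap_blocks(ct: bytes, i: int, j: int) -> bytes:
    """Active attacker: reorder ciphertext blocks without knowing the key."""
    bs = _blocks(ct)
    bs[i], bs[j] = bs[j], bs[i]
    return b"".join(bs)


def seal(data: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Encrypt-then-MAC: an HMAC-SHA256 tag over the whole ciphertext."""
    ct = tea_ecb_encrypt(data, enc_key)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(blob: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Verify the tag before decrypting; reject any reordered or edited ciphertext."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return tea_ecb_decrypt(ct, enc_key)


def demo() -> dict:
    key = bytes(range(16))          # constructed encryption key (assumption)
    mac_key = bytes(range(16, 48))  # constructed MAC key (assumption)
    # Constructed fixed-width command records, 8 bytes each (assumed layout).
    msg = b"OPEN V01" + b"SHUT V02" + b"OPEN V01"
    ct = tea_ecb_encrypt(msg, key)
    leaked = repeated_blocks(ct)              # observer learns record 0 == record 2
    forged = swap_blocks(ct, 0, 1)            # attacker reorders records 0 and 1
    forged_pt = tea_ecb_decrypt(forged, key)  # decrypts cleanly: SHUT before OPEN
    sealed = seal(msg, key, mac_key)
    tampered = swap_blocks(sealed[:-32], 0, 1) + sealed[-32:]
    try:
        open_sealed(tampered, key, mac_key)
        rejected = False
    except ValueError:
        rejected = True
    return {"roundtrip": tea_ecb_decrypt(ct, key) == msg, "leaked": leaked,
            "forged_pt": forged_pt, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two failures the advisories describe: the observer sees that ciphertext blocks 0 and 2 are identical without touching the key, and swapping two ciphertext blocks decrypts without any error into a reordered command sequence. The HMAC tag makes the receiver reject the swapped message, but it only restores integrity; the repeated-block leak is inherent to ECB and goes away only when the cipher is used in an authenticated mode with a unique nonce per message.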