Skip to main content

Research Repository

Advanced Search

WaterLeakage: A Stealthy Malware for Data Exfiltration on Industrial Control Systems Using Visual Channels

Robles-Durazno, A.; Moradpoor, N.; McWhinnie, J.; Russell, G.


A. Robles-Durazno

J. McWhinnie


Industrial Control Systems (ICS) have faced a growing number of threats over the past few years. Reliance on isolated controls networks or air-gapped computers is no longer a feasible solution when it comes to protecting ICS. It is because the new architecture of control networks requiring interaction with Internet technologies. Such connection has allowed businesses to access the data from Distributed Control Systems (DCS) or Programming Logic Controllers (PLC) from anywhere in a real-time manner. On the other hand, this connectivity exposes control networks, with low or poor security in place, to a wide range of new attacks such as ransomware, trojans and malware. Moreover, the human factor is one of the biggest threats on ICS given that unintentional mistakes or disgruntled employees can potentially cause hazardous changes/damages in the control process. In this paper, we present a stealthy malware named as WaterLeakage that exfiltrates information from an uninterrupted clean water supply system using a visual covert channel. For the experiment, we physically modelled such system using the Festo Rig MPA Compact Workstation. Our developed plug and play WaterLeakage malware is placed on a Raspberry Pi connected to the control network. The malware extracts vital information from the PLC such as CPU Model, Vendor, and Input Memory Values and then exfiltrates this information using two lamps connected to the output memory of the PLC. In our experiments, a receiver has been configured with two different resolutions to record the exfiltrated information and further decode them back to the original sensitive data. The results show that by using our WaterLeakage malware an attacker can successfully collect the important information from the control process, which can be used further to plan more sophisticated attacks on ICS.

Presentation Conference Type Conference Paper (Published)
Conference Name 15th IEEE International Conference on Control & Automation (ICCA)
Start Date Jul 16, 2019
End Date Jul 19, 2019
Acceptance Date Feb 19, 2019
Online Publication Date Nov 14, 2019
Publication Date Nov 14, 2019
Deposit Date Feb 19, 2019
Publicly Available Date Nov 14, 2019
Publisher Institute of Electrical and Electronics Engineers
Series ISSN 1948-3457
Book Title Proceedings of 15th IEEE International Conference on Control & Automation (ICCA)
Keywords Industrial Control Systems (ICS), Distributed Control Systems (DCS), data security,
Public URL
Additional Information This research is supported by the School of Computing and the School of Engineering and the Built Environment of Edinburgh Napier University
Contract Date Feb 19, 2019


WaterLeakage: A Stealthy Malware... (917 Kb)

Copyright Statement
© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works

You might also like

Downloadable Citations