Sam Hamra

Ethical Hacking: Threat modeling and penetration testing a remote terminal unit

Remote terminal units are microprocessor controlled electronic devices that acts as an interface between control systems and objects in the realworld. They are used in a range of highly critical infrastructures, and thus their security is of high priority. This thesis will present the security analysis and testing of a remote terminal unit. A threat model was created to identify threats to the system and a few key threats were selected for further penetration testing. The testing lead to the identification of a denial of service vulnerability as well as code injection vulnerability in the SD card storage of the remote terminal unit. The conclusions is that the system is rather robust from a remote attackers perspective although more vulnerabilities arise as an attacker gains physical access to the device.