Sam Hamra
Ethical Hacking: Threat modeling and penetration testing a remote terminal unit
Remote terminal units are microprocessor controlled electronic devices that
acts as an interface between control systems and objects in the realworld. They
are used in a range of highly critical infrastructures, and thus their security is
of high priority. This thesis will present the security analysis and testing of
a remote terminal unit. A threat model was created to identify threats to the
system and a few key threats were selected for further penetration testing. The
testing lead to the identification of a denial of service vulnerability as well as
code injection vulnerability in the SD card storage of the remote terminal unit.
The conclusions is that the system is rather robust from a remote attackers
perspective although more vulnerabilities arise as an attacker gains physical
access to the device.