Research Output

WaterLeakage: A Stealthy Malware for Data Exfiltration on Industrial Control Systems Using Visual Channels

  Industrial Control Systems (ICS) have faced a growing number of threats over the past few years. Reliance on isolated controls networks or air-gapped computers is no longer a feasible solution when it comes to protecting ICS. It is because the new architecture of control networks requiring interaction with Internet technologies. Such connection has allowed businesses to access the data from Distributed Control Systems (DCS) or Programming Logic Controllers (PLC) from anywhere in a real-time manner. On the other hand, this connectivity exposes control networks, with low or poor security in place, to a wide range of new attacks such as ransomware, trojans and malware. Moreover, the human factor is one of the biggest threats on ICS given that unintentional mistakes or disgruntled employees can potentially cause hazardous changes/damages in the control process. In this paper, we present a stealthy malware named as WaterLeakage that exfiltrates information from an uninterrupted clean water supply system using a visual covert channel. For the experiment, we physically modelled such system using the Festo Rig MPA Compact Workstation. Our developed plug and play WaterLeakage malware is placed on a Raspberry Pi connected to the control network. The malware extracts vital information from the PLC such as CPU Model, Vendor, and Input Memory Values and then exfiltrates this information using two lamps connected to the output memory of the PLC. In our experiments, a receiver has been configured with two different resolutions to record the exfiltrated information and further decode them back to the original sensitive data. The results show that by using our WaterLeakage malware an attacker can successfully collect the important information from the control process, which can be used further to plan more sophisticated attacks on ICS.

  • Date:

    14 November 2019

  • Publication Status:


  • Publisher


  • DOI:


  • Library of Congress:

    QA75 Electronic computers. Computer science

  • Dewey Decimal Classification:

    005.8 Data security

  • Funders:

    Edinburgh Napier Funded


Robles-Durazno, A., Moradpoor, N., McWhinnie, J., & Russell, G. (2019). WaterLeakage: A Stealthy Malware for Data Exfiltration on Industrial Control Systems Using Visual Channels. In Proceedings of 15th IEEE International Conference on Control & Automation (ICCA)



Industrial Control Systems (ICS), Distributed Control Systems (DCS), data security,

Monthly Views:

Available Documents

  • pdf

    WaterLeakage: A Stealthy Malware...

    Number of Downloads in the past year: 3

    © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works

  • Downloadable citations