Boing Boing Staging

Security researchers reveal defects that allow wireless hijacking of giant construction cranes, scrapers and excavators

A Security Analysis of Radio Remote Controllers for Industrial Applications

Using software-defined radios, researchers from Trend Micro were able to reverse-engineer the radio protocols used to control massive industrial machines, including cranes, excavators and scrapers. Most of these protocols sent their commands in the clear, but even the systems that encrypted them were vulnerable to “replay attacks”: the attacker never needs to decrypt anything, because a recorded transmission, re-sent as-is, is accepted by the machine again. Without a rolling code or some other freshness check on the receiving end, encryption does nothing to stop this.

The lack of authentication (the researchers say these are less secure than typical keyless-entry fobs for cars, which at least use rolling codes, and those suck) means that the machines can be remotely controlled by unauthorized people, enabling attacks ranging “from theft and extortion to sabotage and injury.”

The systems use a dog’s breakfast of custom codes and command systems, with no standardization, let alone basic security. All systems pose some risk of vulnerabilities, but in this case it’s like they didn’t even try.

Five different kinds of attack were tested. They included: a replay attack, command injection, e-stop abuse, malicious re-pairing and malicious reprogramming. The replay attack sees the attackers simply record commands and send them again when they want. Command injection sees the hacker intercept and modify a command. E-stop abuse brings about an emergency stop, while malicious re-pairing sees a cloned controller take over the functions of the legitimate one. And malicious reprogramming places a permanent vulnerability at the heart of the controller so it can always be manipulated.

So straightforward were the first four types of attack, they could be carried out within minutes on a construction site and with minimal cost. The hackers only required PCs, the (free) code and RF equipment costing anywhere between $100 and $500. To deal with some of the idiosyncrasies of the building site tech, they developed their own bespoke hardware and software to streamline the attacks, called RFQuack.
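The replay and command-injection attacks described above, as an added example that is not from the Trend Micro paper, RFQuack, or any vendor’s real protocol: a toy model of a radio remote-control link in Python, with a constructed key, constructed command codes and a constructed frame layout. The “static” receiver authenticates every frame with a MAC (a stand-in for the page’s encrypted systems; an encrypted frame with no freshness value behaves the same way), so a tampered frame is rejected, but with no counter it obeys a recorded frame every time it is re-sent. The counter-based receiver rejects the replay while still accepting fresh commands.

```python
"""Toy radio remote-control link: why a frame that is authenticated (or
encrypted) but carries no freshness value can be replayed.

Everything here is constructed for illustration: the key, the command
codes and the frame layout belong to no real vendor or product.
"""
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-not-a-real-one"          # constructed
CMD_HOIST_UP, CMD_HOIST_DOWN, CMD_ESTOP = 0x01, 0x02, 0xFF  # constructed codes
TAG_LEN = 8


def _mac(payload: bytes) -> bytes:
    # Truncated HMAC-SHA256 keeps the over-the-air frame short; an attacker
    # without KEY cannot forge it, but can of course record and re-send it.
    return hmac.new(KEY, payload, hashlib.sha256).digest()[:TAG_LEN]


# --- Weak design: tag covers only the command byte, nothing that changes ---
def build_static_frame(cmd: int) -> bytes:
    payload = bytes([cmd])
    return payload + _mac(payload)


class StaticReceiver:
    """Checks the tag, but has no way to tell a fresh frame from an old one."""

    def accept(self, frame: bytes):
        payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _mac(payload)):
            return None  # tampered frame (command injection) is rejected
        return payload[0]


# --- Hardened design: monotonic counter under the tag, tracked by receiver ---
class CounterTransmitter:
    def __init__(self):
        self.counter = 0

    def build(self, cmd: int) -> bytes:
        self.counter += 1
        payload = struct.pack(">IB", self.counter, cmd)  # counter || command
        return payload + _mac(payload)


class CounterReceiver:
    def __init__(self):
        self.last_counter = 0

    def accept(self, frame: bytes):
        payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _mac(payload)):
            return None  # forged or modified frame
        counter, cmd = struct.unpack(">IB", payload)
        if counter <= self.last_counter:
            return None  # replayed (or reordered) frame: counter not fresh
        self.last_counter = counter
        return cmd


def replay_against_static() -> list:
    """Attacker records one legitimate frame and re-sends it twice."""
    rx = StaticReceiver()
    captured = build_static_frame(CMD_HOIST_UP)
    return [rx.accept(captured), rx.accept(captured), rx.accept(captured)]


def injection_against_static():
    """Attacker flips the command byte but keeps the recorded tag."""
    rx = StaticReceiver()
    captured = build_static_frame(CMD_HOIST_UP)
    forged = bytes([CMD_HOIST_DOWN]) + captured[1:]
    return rx.accept(forged)


def replay_against_counter() -> list:
    """Same replay against the counter-based link; fresh frames still work."""
    tx, rx = CounterTransmitter(), CounterReceiver()
    captured = tx.build(CMD_HOIST_UP)
    first = rx.accept(captured)
    replayed = rx.accept(captured)
    later = rx.accept(tx.build(CMD_ESTOP))
    return [first, replayed, later]


if __name__ == "__main__":
    print("static link, replayed frame:", replay_against_static())
    print("static link, modified frame:", injection_against_static())
    print("counter link, replay then fresh e-stop:", replay_against_counter())
```

On the static link the recorded frame is obeyed every time it is replayed, while the modified frame is dropped because the tag no longer matches: authentication alone stops injection but not replay. The counter-based receiver drops the replay and still accepts the later e-stop. In a real design the receiver also needs a resynchronisation rule (an acceptance window, or a re-pairing step) for when the transmitter loses its counter after a battery swap, and that rule is itself something an attacker will probe.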

Attacks Against Industrial Machines via Vulnerable Radio Remote Controllers: Security Analysis and Recommendations [Federico Maggi and Marco Balduzzi/Trend Micro]

Exclusive: Hackers Take Control Of Giant Construction Cranes [Thomas Brewster/Forbes]

(via Bruce Schneier)
