Turns out that these are now controlled with wireless links using off-the-shelf hardware with ten year old security.
From Forbes:
Exclusive: Hackers Take Control Of Giant Construction Cranes
Federico Maggi will never forget the first time he saw a crane being hacked.
Last March, he was on a strange kind of road trip. Travelling the Lombardi region of Italy with his colleague Marco Balduzzi in a red Volkswagen Polo, the pair hoped to convince construction site managers, who they’d never met or spoken with before, to let them have a crack at taking control of cranes with their hacking tools.
Surprise, surprise: They weren’t having much luck. But one such manager, who Maggi fondly remembers as Matteo, was game. Armed with laptops powered by the VW’s battery, scripts for running their hacks and some radio hardware to beam out the exploit code, Maggi and Balduzzi got to work.
Matteo was asked to turn off his transmitter, the only one on-site capable of controlling the crane, and put the vehicle into a “stop” state. The hackers ran their script. Seconds later, a harsh beeping announced the crane was about to move. And then it did, shifting from side to side. Looking up at the mechanism below a wide blue sky, Matteo was at first confused.
“I remember him looking up and asking, ‘Who is doing that ?’ Then he realized the test was successful,” Maggi recalls.
A really thorough (82 page PDF) analysis of the problem can be found at Trend Micro Research:
A Security Analysis of Radio Remote Controllers for Industrial Applications
Radio frequency (RF) remote controllers are widely used in manufacturing, construction, transportation, and many other industrial applications. Cranes, drills, and miners, among others, are commonly equipped with RF remotes. Unfortunately, these devices have become the weakest link in these safety-critical applications, characterized by long life spans, high replacement costs, and cumbersome patching processes. Given the pervasive connectivity promoted by the Industry 4.0 trend, we foresee a security risk in this domain as has happened in other fields.
Our research reveals that RF remote controllers are distributed globally, and millions of vulnerable units are installed on heavy industrial machinery and environments. Our extensive in-lab and on-site analysis of devices made by seven popular vendors reveals a lack of security features at different levels, with obscure, proprietary protocols instead of standard ones. They are vulnerable to command spoofing, so an attacker can selectively alter their behavior by crafting arbitrary commands — with consequences ranging from theft and extortion to sabotage and injury.
A tech savvy ex-employee with a grudge could cause a lot of trouble. This is the same problem that caused (and is still causing) so much trouble with industrial SCADA systems.
Leave a comment