Cranes and Heavy Machinery Vulnerable to Cyberattacks

Security researchers from Trend Micro have analyzed the communication mechanisms in cranes and other industrial machines and discovered serious vulnerabilities that allow for remote cyberattacks. Cranes, lifts, drills, and other heavy equipment used in manufacturing, construction, freight transport, and mining often rely on radio frequency (RF) controllers. Typically, these systems consist of a transmitter that sends commands via radio waves and a receiver that interprets these commands.

The Trend Micro researchers closely examined RF controllers from various manufacturers, including Saga, Juuko, Telecrane, Hetronic, Circuit Design, Autec, and Elca. They found a number of vulnerabilities that could be exploited to carry out different types of attacks. The specialists reported these issues to the manufacturers, and some companies have already started implementing appropriate security measures.

The biggest problem across all manufacturers is the lack of protection for the signals transmitted from the transmitter to the receiver. As a result, an attacker can intercept the signals and send fake commands.

Types of Possible Attacks

In total, the researchers described five types of possible attacks on RF controllers. The simplest is a replay attack, which involves intercepting and resending valid signals. One variation of this attack is repeatedly sending the emergency stop command, causing the crane to remain in a constant denial-of-service state.

A more dangerous attack involves command injection. Attackers can intercept and modify RF packets before they reach the receiver, allowing them to gain full control over the targeted machine.

According to the researchers, attackers with some technical skills can create a “clone” of the targeted remote controller, connect it to the crane (while disabling the real controller), and gain complete control over the machine.

The most advanced type of attack requires even more expertise. This attack involves injecting a trojan into the controller’s firmware, which would give the attacker full control over the machine.
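The replay and command-injection attacks described above both depend on the receiver accepting any well-formed frame. The sketch below is an added example, not code from Trend Micro or from any of the named vendors: it shows a receiver that rejects replayed and modified frames by using a shared key, a keyed MAC and a strictly increasing counter. The frame layout, the command codes and the key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8          # truncated HMAC-SHA256 tag; length is an assumption for short RF frames
BODY_LEN = 5         # 4-byte big-endian counter + 1-byte command (hypothetical layout)
CMD_UP, CMD_ESTOP = 0x01, 0xFF   # hypothetical command codes


def build_frame(key: bytes, counter: int, command: int) -> bytes:
    """Transmitter side: counter and command followed by a MAC over both."""
    body = struct.pack(">IB", counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    """Accepts a frame only if its MAC verifies and its counter is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def accept(self, frame: bytes):
        """Return the command byte, or None if the frame must be dropped."""
        if len(frame) != BODY_LEN + TAG_LEN:
            return None                      # malformed frame
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                      # forged or modified in transit
        counter, command = struct.unpack(">IB", body)
        if counter <= self.last_counter:
            return None                      # replay of an earlier valid frame
        self.last_counter = counter          # advance only after full validation
        return command


def demo():
    key = bytes(range(16))                   # constructed sample key
    rx = Receiver(key)
    genuine = build_frame(key, 1, CMD_UP)
    tampered = bytearray(build_frame(key, 2, CMD_UP))
    tampered[4] = CMD_ESTOP                  # command byte changed, tag left as captured
    return {
        "genuine": rx.accept(genuine),
        "replayed": rx.accept(genuine),      # same bytes sent a second time
        "modified": rx.accept(bytes(tampered)),
        "next": rx.accept(build_frame(key, 2, CMD_UP)),
    }
```

In a real receiver the counter has to survive power cycles, and the key should be unique to each transmitter and receiver pair.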
