RF remote controllers vulnerable to hacking, says Trend Micro
Industrial remote contollers for cranes and drills found to have serious vulnerabilities
Industrial radio frequency (RF) remote controllers used to control heavy equipment are vulnerable to remote hacking, according to Trend Micro.
The security company has compiled a report on RF remote controllers from the seven leading vendors, used with industrial plant including cranes, drills, mining machinery and other devices. Trend proved that an attacker could persistently and remotely take control of, or simulate the malfunction of, the attacked machinery.
The report, A Security Analysis of Radio Remote Controllers for Industrial Applications, showed that RF controllers create serious risk due to the high levels of connectivity. The vulnerabilities are also exacerbated because such equipment has long lifespans, high replacement costs and cumbersome patching processes.
"This research demonstrates a concerning reality for owners and operators of heavy industrial machinery where RF controllers are widely found," said Bill Malik, VP of infrastructure strategies for Trend Micro. "By testing the vulnerabilities our researchers discovered, we confirmed the ability to move full-sized industrial equipment deployed at construction sites, factories, and transportation businesses. This is a classic example of both the new security risks that are emerging, as well as how old attacks are being revitalized, to attack the convergence of OT and IT."
Trend Micro discovered three basic failings in RF controllers: no rolling code; weak or no cryptography; and a lack of software protection. Leveraging these basic weaknesses enabled five remote and local attack types, which are detailed in the report. To help facilitate the research, an RF analyzing tool, RFQuack, was also developed.
Many operational technologies in industrial settings are now facing cyber risks due to newly added connectivity. According to Gartner, "IoT devices must remain secure for many years, potentially decades. IoT devices are also exposed or unprotected. This combination of time and space presents a different security profile than that of traditional IT assets. Security and risk management leaders must identify key industrial assets and systems, and prioritize protection of these assets based upon their mission criticality and integrated risks to OT and IT systems."
The vulnerabilities have been disclosed through the Zero Day Initiative (ZDI).
Beyond prioritizing the cyber risks associated with these devices, Trend Micro recommends companies that use RF controllers implement comprehensive security measures, including software and firmware patching, as well as building on standardized protocols.