It might sound like something out of a Hollywood blockbuster: hackers getting into position behind a control panel and taking over a construction site, using the equipment there to wreak large-scale havoc. Unfortunately, according to a new paper published today by researchers Federico Maggi and Marco Balduzzi, it’s not as far-fetched as it sounds.
Indeed, the researchers, who work at cybersecurity firm Trend Micro, are sounding the alarm about how vulnerable construction cranes are to hackers who might want to cause mischief and destruction, with the video above walking through some of the finer points of how it’s done.
Ahead of their paper’s publication today, the researchers had a chat with Forbes about what they’ve been able to do and why it’s so worrisome. Basically, the pair went on what sounds like a pretty strange road trip. Piling into a red Volkswagen Polo, they visited more than a dozen construction sites in Italy and talked with construction site managers. Just showing up, cold, trying to convince them their cranes were vulnerable and, look, let us show you.
At one construction site, “Matteo was asked to turn off his transmitter, the only one on-site capable of controlling the crane, and put the vehicle into a ‘stop’ state,” Forbes reports. “The hackers ran their script. Seconds later, a harsh beeping announced the crane was about to move. And then it did, shifting from side to side.”
They tried things out first on a toy crane in their office before leveling up to, you know, the real deal. Essentially, the Trend Micro research pair exploits the communications between cranes and their control mechanisms. The researchers reverse-engineer the signals coming from the crane’s radio frequency controller, learning how to copy commands that they can then send back to the crane.
Again, the bottom line of what they learned, per Forbes: cranes are “hopelessly” vulnerable. And unless the manufacturers involved do a better job of securing these systems, the potential for catastrophe is “very real.” To make matters worse, according to Trend Micro vice president for cloud security Mark Nunnikhoven, the attacks involved are cheap and simple.
“The core of the problem lies in how, instead of depending on wireless, standard technologies, these industrial remote controllers rely on proprietary RF protocols, which are decades old and are primarily focused on safety at the expense of security,” a Trend Micro summary of the research explains.
“…Industrial radio remote controllers have higher replacement costs and longer service life spans than run-of-the-mill consumer remotes. This means that vulnerabilities can persist for years, if not for decades.”