Trend Micro Researchers Prove How Easy it is Hackers to Hack a Construction Crane and Cause Destruction.
Hacking a crane at a construction site might seem to you like an impossible act from cybercriminals. It just appears so unbelievable. After all, what would they get by hacking a crane? However, researchers at Trend Micro, a cyber-security firm, claim that construction cranes are extremely vulnerable to hackers as they can exploit them to cause destruction. The researchers also released a video to explain how a construction crane can be hacked.
Reportedly, researchers Federico Maggi and Marco Balduzzi will be publishing a paper regarding the hacking of construction cranes. The duo went on a road trip and visited over a dozen construction sites in Italy while spoke with construction site managers in order to convince them that the cranes out there were prone to hacking.
In a report from Forbes, it was noted that at a construction site the researchers asked Matteo to turn off his transmitter that could control the crane present on the site. Matteo was requested to put the vehicle into ‘stop state’ and the hackers ran the script.
“Seconds later, a harsh beeping announced the crane was about to move. And then it did, shifting from side to side,” writes Forbes.
Firstly, the researchers experimented on a toy crane in their office and then went on to try the tactics on real cranes. To perform the hack, researchers exploited the communication between the cranes and their control systems and reverse engineered the signals emitted by the radio frequency controller of the crane to understand how to copy commands and give them back to the cranes.
In the end, they learned that cranes are extremely vulnerable to hacking and manufacturers need to enhance the security mechanisms of these machines to prevent the looming threat, which could be catastrophic.
According to Mark Nunnikhoven, Trend Micro’s cloud security vice president, hackers can launch attacks using simple tactics and cheap devices/tools. Nunnikhoven noted that the problem actually lies in the way these ‘industrial remote controllers rely on proprietary RF protocols, instead of using wireless technology. These protocols are probably decades old and cannot be termed as fully safe.
“The core of the problem lies in how, instead of depending on wireless, standard technologies, these industrial remote controllers rely on proprietary RF protocols, which are decades old and are primarily focused on safety at the expense of security,” said Nunnikhoven.