By Karen L. Edwards, RoofersCoffeeShop® Editor.
Forbes recently reported that research hackers successfully took over a large construction crane using just a laptop, some code and some radio hardware. The hackers, Federico Maggi and Marco Balduzzi, saw their first successful takeover happen in Italy, where they convinced a construction site manager to let them try to take over the crane.
The manager turned off the transmitter used for controlling the crane and put it into a stop state. The hackers went to work and seconds later they were operating the crane. Working on behalf of Japanese cybersecurity firm Trend Micro, the hackers made it into 14 locations where they successfully hacked into devices that controlled the cranes and also other equipment such as excavators, scrapers and other large machinery.
It became clear that the companies manufacturing the tools are going to need to take steps to secure the equipment from attacks. The hackers pinpointed a vulnerability in the communication between the equipment and the controllers. The data packets traveling through the airwaves had very little or even no security at all. In fact, the two stated in their paper about their findings that remote-controlled toy cars or remote door locks contained more security than the equipment controllers. They even found that they could check traffic over various radio frequencies and detect what devices were currently in use and whether or not they were vulnerable to attack.
According to Forbes, there were seven manufacturers whose devices were vulnerable to the attackers: Saga, Circuit Design, Juuko, Autec, Hetronic, Elca and Telecrane. This research reveals a potentially very dangerous situation for construction sites and workers using automated equipment or remotely controlled devices.
It’s good to note that fixes have been rolling out over the last year thanks to Trend Micro’s work with the U.S. government-funded Computer Emergency Response Teams that are alerting manufacturers to the risks so they will patch the vulnerabilities.