Trend Micro warns handheld remote controllers for construction equipment can be hacked
Photo Credit To ANGDavis Associates

Trend Micro warns handheld remote controllers for construction equipment can be hacked

Trend Micro warns handheld remote controllers for construction equipment can be hacked

Trend Micro  a global leader in cybersecurity solutions, has released a new report detailing inherent flaws and new vulnerabilities in radio frequency (RF) remote controllers found and disclosed through the Zero Day Initiative (ZDI).

The report, A Security Analysis of Radio Remote Controllers for Industrial Applications, demonstrates how an attacker could persistently and remotely take control of, or simulate the malfunction of, the attacked machinery.

The report’s findings cover RF remote controllers found in cranes, drills, mining machinery and other industrial devices produced by the seven most commonly deployed vendors.

These types of devices have become a major point of security weakness because of their connectivity. Long lifespans, high replacement costs, and cumbersome patching processes compound this problem.

“This research demonstrates a concerning reality for owners and operators of heavy industrial machinery where RF controllers are widely found,” said Bill Malik, VP of infrastructure strategies for Trend Micro. “By testing the vulnerabilities our researchers discovered, we confirmed the ability to move full-sized industrial equipment deployed at construction sites, factories, and transportation businesses. This is a classic example of both the new security risks that are emerging, as well as how old attacks are being revitalized, to attack the convergence of OT and IT.”

Trend Micro discovered three basic failings in RF controllers: no rolling code; weak or no cryptography; and a lack of software protection. Leveraging these basic weaknesses enabled five remote and local attack types, which are detailed in the report. To help facilitate the research, an RF analysing tool, RFQuack, was also developed.

Many operational technologies in industrial settings are now facing cyber risks due to newly added connectivity. According to Gartner, “IoT devices must remain secure for many years, potentially decades. IoT devices are also exposed or unprotected. This combination of time and space presents a different security profile than that of traditional IT assets. Security and risk management leaders must identify key industrial assets and systems, and prioritize protection of these assets based upon their mission criticality and integrated risks to OT and IT systems.” 

Beyond prioritizing the cyber risks associated with these devices, Trend Micro recommends companies that use RF controllers implement comprehensive security measures, including software and firmware patching, as well as building on standardized protocols.

Read the complete Trend Micro research report here.

Post source : Trend Micro

About The Author

Anthony brings a wealth of global experience to his role as Managing Editor of Highways.Today. With an extensive career spanning several decades in the construction industry, Anthony has worked on diverse projects across continents, gaining valuable insights and expertise in highway construction, infrastructure development, and innovative engineering solutions. His international experience equips him with a unique perspective on the challenges and opportunities within the highways industry.

Related posts