Vulnerabilities in Radio Frequency remote controllers can put machinery at risk

• Attackers can exploit such controllers to remotely take control over machines such as cranes, drills and mining machinery.
• It was discovered that there are three basic security issues in RF controllers.

Radio Remote Controllers for Industrial applications have been found to be highly susceptible to cyber attacks. Attackers can exploit such controllers to remotely take control over machines such as cranes, drills and mining machinery.

Basic flaws

Researchers at Trend Micro explain that such type of industrial devices have become a major point of vulnerability because they rely on remote controllers for operation.

It was discovered that there are three basic security issues in RF controllers. The three flaws are no rolling code, weak or no cryptography and lack of software protection. The researchers leveraged these three flaws to demonstrate five types of remote and local attacks.

To facilitate the research, an RF analyzing tool, RFQuack was developed.

“By testing the vulnerabilities our researchers discovered, we confirmed the ability to move full-sized industrial equipment deployed at construction sites, factories, and transportation businesses. This is a classic example of both the new security risks that are emerging, as well as how old attacks are being revitalized, to attack the convergence of OT and IT,” said Bill Malik, VP of infrastructure strategies of Trend Micro.

Impacts

A successful attack can prevent the controlled machines from turning off even after the operator has issued an ‘emergency stop’.

One of the most worrisome aspects of the hack is that the machinery can be exploited if the hackers are within the vicinity of the target or they can perform it remotely.

Researchers further found that the RF controllers can also be abused by command spoofing, where an attacker within a range can capture radio traffic and modify it into new commands.

Hackers can also exploit the machinery to conduct DDoS attacks and reply attacks. Companies that use RF controller are advised to implement additional security measures including patching the firmware to protect themselves against such attacks.