Hacking Construction Cranes
Construction cranes are vulnerable to hacking:
In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we’ve outlined, we were able to perform the attacks quickly and even switch on the controlled machine despite an operator’s having issued an emergency stop (e-stop).
The core of the problem lies in how, instead of depending on wireless, standard technologies, these industrial remote controllers rely on proprietary RF protocols, which are decades old and are primarily focused on safety at the expense of security. It wasn’t until the arrival of Industry 4.0, as well as the continuing adoption of the industrial internet of things (IIoT), that industries began to acknowledge the pressing need for security.
wiredog • January 22, 2019 6:35 AM
“primarily focused on safety at the expense of security.”
Yes, well, when a safety failure can kill people it damn well better be the primary focus. Now since a security failure can lead to a safety failure, security needs to be considered in that light.
My first job out of college, a few decades ago, was in industrial automation. For our gear the e-stop circuit actually dropped power to the machine. To override the e-stop you had to insert a key into a switch and the software then limited what the machine could do. Or, rather, many software operations were locked out if the override was enabled. Security was ensured by not networking the machine. Remote diagnosis required someone at the shop to go out and physically plug the network cable in. No RF was used because we didn’t trust it to be as reliable as a wired connection.