Think of all the destruction that an industrial crane can cause. We’ve seen the news stories of catastrophic crane accidents, so we certainly don’t need to work hard to imagine worst-case scenarios in which someone operates a crane with nefarious intentions. But now imagine that this crane operator didn’t even have to be on-site. That’s our reality.
In a report recently released to Forbes by Japanese tech company Trend Micro, the easy hackability of industrial cranes was brought to light.
With some easily obtainable and relatively inexpensive equipment, the researchers at Trend Micro managed to hack industrial cranes and other equipment at 14 separate sites with a 100% success rate using a program they created, RFQuack.
Why Are Cranes So Unsecure?
Manufacturers of industrial cranes have long relied on antiquated proprietary wireless protocols to help keep these machines secure from outside attacks. Put simply, most manufacturers banked on the idea that most people, hackers included, didn’t know how cranes operated.
The security issue with industrial cranes doesn’t lie in the cranes themselves. The real issue is that the signals sent between the transmitters are not encrypted, as they are even in basic consumer electronics.
Car door locks and garage door openers are more secure than the transmitters that operate industrial cranes, or at least they were until the crane manufacturers finally listened after seeing the ramifications of unsecure transmissions and shored up their programs.
Types of Crane Hacks
The researchers managed to enact five different types of hacks, listed as follows:
- Replay — This hack records commands for later use.
- Command injection — Command injections intercept outgoing commands, modify them, and then send them to the equipment.
- E-stop abuse — This allows hackers to power down the equipment. Researchers pointed out that this could be used to hold an entire construction site hostage, requiring a company to pay a ransom before hackers release the machinery.
- Malicious re-pairing — This allows hackers to take over the equipment by cloning the controller.
- Malicious reprogramming — Malicious reprogramming makes the controller permanently vulnerable.
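To show why replay and command injection work against unauthenticated radio frames, and what a receiver-side check looks like, here is an added example. It is not code from Trend Micro's report or from any crane vendor's protocol. The frame layout (4-byte counter, 1-byte command, truncated HMAC tag), the key, and the command codes are all constructed assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-pairing-key"  # constructed sample key, not a real one
TAG_LEN = 8                            # truncated HMAC-SHA256 tag (assumption)
BODY_LEN = 5                           # 4-byte counter + 1-byte command


def make_frame(key, counter, command):
    """Transmitter side: counter || command || HMAC tag over both fields."""
    body = struct.pack(">IB", counter, command)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class Receiver:
    """Accepts a frame only if it is authentic and newer than the last one."""

    def __init__(self, key):
        self.key = key
        self.last_counter = 0

    def accept(self, frame):
        """Return the command byte, or None if the frame must be dropped."""
        if len(frame) != BODY_LEN + TAG_LEN:
            return None
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # modified or forged frame (command injection)
        counter, command = struct.unpack(">IB", body)
        if counter <= self.last_counter:
            return None  # stale counter: a recorded frame sent again (replay)
        self.last_counter = counter
        return command


def demo():
    rx = Receiver(KEY)
    up = make_frame(KEY, 1, 0x01)          # constructed "up" command
    first = rx.accept(up)                  # genuine frame is accepted
    replayed = rx.accept(up)               # same bytes again are rejected
    tampered = bytearray(make_frame(KEY, 2, 0x01))
    tampered[4] = 0x02                     # command byte altered in transit
    injected = rx.accept(bytes(tampered))  # tag no longer matches
    nxt = rx.accept(make_frame(KEY, 2, 0x03))  # next genuine frame still works
    return first, replayed, injected, nxt


if __name__ == "__main__":
    print(demo())
```

A check like this does not cover the re-pairing and reprogramming cases in the list, since a cloned or reflashed controller holds a valid key.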
The Dangers of Crane Hacking
There are several issues that could arise from cranes being hacked. First off, hacked cranes can cause a great deal of damage, destroying buildings and infrastructure, injuring or killing people, and causing widespread panic throughout densely populated urban areas.
Next, hacking could be used to steal these large, expensive pieces of equipment, removing them from construction sites. These cranes could also be rendered inoperable, potentially holding up construction and costing companies big bucks.
Hacks could even be made to look like an accident, with code being implanted to make the operator’s commands cause a different action than the one intended (e.g., up is down and right is left).
Securing Industrial Equipment
Trend Micro is recommending that any companies involved in the manufacture of industrial cranes take measures to secure this equipment against hackers. Many of the manufacturers that have released fixes for the security issues found were sending out their systems’ first-ever patches. However, the fixes that have been put into place aren’t necessarily complete.
Seeing these hacks actually happen spurred many crane manufacturers to action, but warnings about the hackability of these machines aren’t new. The U.S. government has been telling companies that this could happen for several years.
In the future, manufacturers of industrial equipment will ideally build security into their programs, or, better yet, according to Trend Micro, they’ll use standard tech rather than proprietary tech so that research from across the technology sector could be easily applied.