A new report from Trend Micro reveals the vulnerabilities in cranes and other large-scale construction equipment. Could industrial job sites be hacked and extorted?
Federico Maggi will never forget the first time he saw a crane being hacked.
Last March, he was on a strange kind of road trip. Travelling the Lombardi region of Italy with his colleague Marco Balduzzi in a red Volkswagen Polo, the pair hoped to convince construction site managers, who they’d never met or spoken with before, to let them have a crack at taking control of cranes with their hacking tools.
Surprise, surprise: They weren’t having much luck. But one such manager, who Maggi fondly remembers as Matteo, was game. Armed with laptops powered by the VW’s battery, scripts for running their hacks and some radio hardware to beam out the exploit code, Maggi and Balduzzi got to work.
Matteo was asked to turn off his transmitter, the only one on-site capable of controlling the crane, and put the vehicle into a “stop” state. The hackers ran their script. Seconds later, a harsh beeping announced the crane was about to move. And then it did, shifting from side to side.
It soon became obvious: Cranes were hopelessly vulnerable. And, unless the manufacturers behind the tools could be convinced to secure their kit, the potential for catastrophic damage was very real. The consequences ranged “from theft and extortion to sabotage and injury,” the researchers wrote in a paper handed to Forbes exclusively ahead of publication on Tuesday.