New cybersecurity research details RF control cybersecurity risks where RF devices are used in controls and automation of machines in industrial sectors such as construction, manufacturing, logistics, and mining
What types of industrial cyber attacks are possible?
In this case, researchers found vulnerabilities in RF controllers opened the door to several types of attacks:
• Replay attack
• Command injection
• E-Stop (emergency stop) abuse
• Malicious repairing attacks
• Reprogramming attacks
Trend Micro video demonstrates this RF controller vulnerability:
Here are just two examples of what is possible in an RF cyber attack by
What an amateur could do:
"From inside a
What a sophisticated attacker could do:
"An attacker with the knowledge of the RF protocol, on the other hand, can carry out attacks in a variety of ways. This adversary will know how to perform reverse engineering on a radio protocol. A visit to the targeted site or recording of the commands will no longer be needed to run attacks like command injection."
That type of attack could give hackers control of the industrial device.
industry rely on RF controllers?
Trend Micro says industrial radio remote controllers have higher replacement costs and long life spans, and during its research it found industrial remote controllers that had been deployed in production for more than 15 years.
Also, RF controllers were designed to work to ensure safety on the job for things like e-stops, and most were never designed with security in mind.
Best practices to secure industrial RF remote controls
For more details on the attack vectors created by industrial RF devices and recommendations to mitigate the cyber risks, check out Trend Micro's white paper on this topic: A Security Analysis of RF Remote Controllers for Industrial Applications.