author photo
By Bruce Sussman
Fri | Feb 1, 2019 | 4:47 AM PST

New cybersecurity research details RF control cybersecurity risks where RF devices are used in controls and automation of machines in industrial sectors such as construction, manufacturing, logistics, and mining.

Trend Micro found that the remote control you use to open your garage door is likely more secure than industrial radio frequency controllers that can control cranes, mining, or other industrial equipment.

What types of industrial cyber attacks are possible?

In this case, researchers found vulnerabilities in RF controllers opened the door to several types of attacks:

     •  Replay attack
     •  Command injection
     •  E-Stop (emergency stop) abuse
     •  Malicious repairing attacks
     •  Reprogramming attacks

Trend Micro video demonstrates this RF controller vulnerability:

Here are just two examples of what is possible in an RF cyber attack by level of experience.

What an amateur could do:

"From inside a car we were able to detect signals from a transmitter on the field that was 300 meters away. A casual attacker with no advanced skills whatsoever (could be a contractor, disgruntled employee, or script kiddie) equipped with a software-defined radio (SDR) can record a command and replay it under risky conditions."

What a sophisticated attacker could do:

"An attacker with the knowledge of the RF protocol, on the other hand, can carry out attacks in a variety of ways. This adversary will know how to perform reverse engineering on a radio protocol. A visit to the targeted site or recording of the commands will no longer be needed to run attacks like command injection."

That type of attack could give hackers control of the industrial device. 

Why does industry rely on RF controllers?

Trend Micro says industrial radio remote controllers have higher replacement costs and long life spans, and during its research it found industrial remote controllers that had been deployed in production for more than 15 years.

Also, RF controllers were designed to work to ensure safety on the job for things like e-stops, and most were never designed with security in mind.

Best practices to secure industrial RF remote controls

For more details on the attack vectors created by industrial RF devices and recommendations to mitigate the cyber risks, check out Trend Micro's white paper on this topic: A Security Analysis of RF Remote Controllers for Industrial Applications.

Comments