The Internet of Things (IoT) has grown exponentially over the past few years, and that growth is expected to continue into the foreseeable future. This is especially true for Operational Technology (OT) networks, where more and more technologies are being incorporated into industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. These networked systems give workers an incredible range of control over production machinery while feeding real-time data to those monitoring workflow processes, allowing for on-the-fly decisions regarding production levels. The rapid advance of ICS and SCADA systems has come at the expense of security, however, which has opened the door to workplace safety and security concerns.
At the end of October 2018, the United States Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory (ICSA-18-296-03) regarding Telecrane’s F25 Series Industrial Radio Remote Controller. The device is designed to allow workers to operate construction cranes from the ground. According to the advisory, there is a severe vulnerability in the technology facilitating the radio communication between the remote control and the receiver on the crane. The bug allows hackers to sniff out the signal, alter or create control codes, and then retransmit the unauthorized commands to the machine.
At a time when there are growing geopolitical concerns regarding attacks on the critical infrastructure of the U.S. by opposing nations, these kinds of vulnerabilities are a major cause for concern. In the best case, an attacker can simply stop the machine from completing its task. In a worst-case scenario, a hacker could command the crane to swing wildly or drop its load, potentially causing significant property damage, severe injuries, or the death of workers or others in the area.
The advisory notes that this particular man-in-the-middle attack has been given a Common Vulnerability Scoring System (CVSS v3) score of 7.6 (serious) because the hack requires no privileges to execute and has a low level of complexity.
The flaw was reported through Trend Micro’s Zero Day Initiative by researchers Jonathan Andersson, Philippe Lin, Akira Urano, Marco Balduzzi, Federico Maggi, Stephen Hilt, and Rainer Vosseler.