
Researchers Find Security Risks Relating to Industrial Machinery

The attack surface that security professionals must defend grows exponentially as more and more of our workplaces and processes are automated. This is especially true in industrial settings, where a host of machinery engages in a tightly coordinated dance, directed through instructions sent over wired or wireless networks. The price for a security breach is high, as hacked machines can injure workers, damage property, and disrupt production. They can even serve as a gateway onto networked servers containing sensitive data.


New research from cybersecurity experts at Trend Micro highlights the inherent flaws and new vulnerabilities in radio frequency (RF) remote controllers that were found and disclosed through the Zero Day Initiative (ZDI). The report, A Security Analysis of Radio Remote Controllers for Industrial Applications, demonstrates how an attacker could persistently and remotely take control of, or simulate the malfunction of, the attacked machinery.

The report’s findings cover RF remote controllers found in cranes, drills, mining machinery and other industrial devices produced by the seven most commonly deployed vendors. These types of devices have become a major point of security weakness because of their connectivity. Long lifespans, high replacement costs, and cumbersome patching processes compound this problem.

“This research demonstrates a concerning reality for owners and operators of heavy industrial machinery where RF controllers are widely found,” said Bill Malik, VP of infrastructure strategies for Trend Micro. “By testing the vulnerabilities our researchers discovered, we confirmed the ability to move full-sized industrial equipment deployed at construction sites, factories, and transportation businesses. This is a classic example of both the new security risks that are emerging, as well as how old attacks are being revitalized, to attack the convergence of OT and IT.”

Trend Micro discovered three basic failings in RF controllers: no rolling code; weak or no cryptography; and a lack of software protection. Leveraging these basic weaknesses enabled five remote and local attack types, which are detailed in the report. To help facilitate the research, an RF analyzing tool, RFQuack, was also developed.
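The first two failings, no rolling code and weak or no cryptography, can be illustrated from the receiver's side. The sketch below is an added example, not code from the Trend Micro report or from any vendor's firmware; the frame layout, key, window size, and all class and function names are hypothetical. It contrasts a receiver that accepts a fixed frame with one that requires an increasing counter protected by a MAC.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-pairing-key"  # constructed; real keys are per-device secrets
TAG_LEN = 8     # truncated HMAC-SHA256 tag length (assumption)
WINDOW = 16     # how far ahead of the last counter a frame may be (assumption)

def fixed_frame(command: bytes) -> bytes:
    """No rolling code: the same command always yields the same bytes."""
    return b"\x01" + command  # constructed device id + command

class FixedReceiver:
    def accept(self, frame: bytes) -> bool:
        return frame[:1] == b"\x01"  # only checks the static device id

def rolling_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Counter + command, authenticated with a MAC over both."""
    body = struct.pack(">I", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class RollingReceiver:
    def __init__(self, key: bytes):
        self.key, self.last = key, 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) < 4 + 1 + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or modified frame
        counter = struct.unpack(">I", body[:4])[0]
        if not self.last < counter <= self.last + WINDOW:
            return False  # replayed (stale) or implausibly far ahead
        self.last = counter
        return True

def demo() -> dict:
    fixed, rolling = FixedReceiver(), RollingReceiver(KEY)
    f, r = fixed_frame(b"UP"), rolling_frame(KEY, 1, b"UP")
    tampered = r[:4] + b"DN" + r[6:]  # command changed, old tag kept
    return {
        "fixed_first": fixed.accept(f), "fixed_replay": fixed.accept(f),
        "rolling_first": rolling.accept(r), "rolling_replay": rolling.accept(r),
        "rolling_tampered": rolling.accept(tampered),
        "rolling_next": rolling.accept(rolling_frame(KEY, 2, b"UP")),
    }
```

The fixed-frame receiver cannot tell a fresh command from a recorded one, while the counter check rejects the repeated frame and the MAC check rejects the altered one.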

Many operational technologies in industrial settings are now facing cyber risks due to newly added connectivity. According to Gartner, “IoT devices must remain secure for many years, potentially decades. IoT devices are also exposed or unprotected. This combination of time and space presents a different security profile than that of traditional IT assets. Security and risk management leaders must identify key industrial assets and systems, and prioritize protection of these assets based upon their mission criticality and integrated risks to OT and IT systems.”

Beyond prioritizing the cyber risks associated with these devices, Trend Micro recommends companies that use RF controllers implement comprehensive security measures, including software and firmware patching, as well as building on standardized protocols.