March 15, 2019 05:46 pm PDT

Security researchers reveal defects that allow wireless hijacking of giant construction cranes, scrapers and excavators

Using software-defined radios, researchers from Trend Micro were able to reverse-engineer the commands used to control massive industrial machines, including cranes, excavators and scrapers; most of these commands were unencrypted, but even the encrypted systems were vulnerable to "replay attacks" that allowed the researchers to bypass the encryption.

The lack of authentication (researchers say these are less secure than typical keyless entry fobs for cars, and those suck) means that the machines can be remotely controlled by unauthorized people, enabling attacks ranging "from theft and extortion to sabotage and injury."

The systems use a dog's breakfast of custom codes and command systems, with no standardization, let alone basic security. All systems pose some risk of vulnerabilities, but in this case it's like they didn't even try.

Five different kinds of attack were tested. They included: a replay attack, command injection, e-stop abuse, malicious re-pairing and malicious reprogramming. The replay attack sees the attackers simply record commands and send them again when they want. Command injection sees the hacker intercept and modify a command. E-stop abuse brings about an emergency stop, while malicious re-pairing sees a cloned controller take over the functions of the legitimate one. And malicious reprogramming places a permanent vulnerability at the heart of the controller so it can always be manipulated.

So straightforward were the first four types of attack, they could be carried out within minutes on a construction site and with minimal cost. The hackers only required PCs, the (free) code and RF equipment costing anywhere between $100 and $500.
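Why a recorded command still works against a receiver that only checks a key-dependent tag, and how an authenticated counter closes that gap, shown as an added example that is not from the original post or from the Trend Micro research. The frame layout, key, command names and the `Receiver` class are all assumptions made for illustration, not any vendor's protocol.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-pairing-key"  # constructed value, assumption
TAG_LEN = 8                            # truncated HMAC-SHA256 tag length

def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def make_frame(key, counter, command):
    """Transmitter: 4-byte big-endian counter || command || tag over both."""
    body = struct.pack(">I", counter) + command
    return body + _tag(key, body)

class Receiver:
    """Hypothetical receiver; check_freshness=False models a replayable design."""
    def __init__(self, key, check_freshness=True):
        self.key = key
        self.check_freshness = check_freshness
        self.last_counter = -1

    def accept(self, frame):
        if len(frame) < 4 + 1 + TAG_LEN:
            return False                       # too short to be a valid frame
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return False                       # modified or forged frame
        counter = struct.unpack(">I", body[:4])[0]
        if self.check_freshness and counter <= self.last_counter:
            return False                       # valid tag, but already seen: replay
        self.last_counter = counter
        return True

def demo():
    frame = make_frame(KEY, 1, b"HOIST_UP")    # constructed command name
    tampered = frame[:4] + b"HOIST_DN" + frame[-TAG_LEN:]
    weak, strong = Receiver(KEY, check_freshness=False), Receiver(KEY)
    return {
        "weak_first": weak.accept(frame),
        "weak_replay": weak.accept(frame),       # same bytes accepted again
        "strong_first": strong.accept(frame),
        "strong_replay": strong.accept(frame),   # rejected: stale counter
        "strong_tampered": strong.accept(tampered),
        "strong_next": strong.accept(make_frame(KEY, 2, b"HOIST_UP")),
    }

if __name__ == "__main__":
    print(demo())
```

The tag check alone rejects modified frames, but only the counter comparison distinguishes a fresh command from a recording of an earlier one.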



Original Link: http://feeds.boingboing.net/~r/boingboing/iBag/~3/SbRVpgBTrls/not-even-trying-2.html
