Hacking Cranes and Factory Equipment: Protecting Radio Frequency Devices with Role-Based Access Control

January 24, 2019

Trend Micro’s recent report on the use of radio frequency (RF) controls in construction and manufacturing has revealed a number of critical vulnerabilities. Industrial devices such as cranes and automated factory machines often lack user authentication processes, leaving them vulnerable to outside interference. Without role-based access control (RBAC), malicious actors can easily disrupt communications between radio controllers and devices, modifying transmission packets and pushing their own commands through to the site’s machinery. Ultimately, these hacks risk damage to industrial devices and, at worst, can cause injury to workers.

RF controls are typically used to control basic device functions, such as movement and start/stop mechanisms, by sending out radio waves that correspond to specific commands. Cranes, drills, and other automated manufacturing machinery are commonly equipped with RF controls that have been deployed for decades, rendering them the weakest link in site security. RF controls carry high replacement costs and long patching processes, and according to Trend Micro, commercial “garage door controllers are actually more secure than industrial remotes as they implement better security through rolling-code mechanisms.”

Once malicious actors gain access to unprotected RF controls, they can initiate a variety of disruptions to the device, including replay attacks, e-stop abuses, and reprogramming. Replay attacks use software-defined radio (SDR) systems to record commands transmitted by operators to devices, giving hackers the ability to replay recorded commands at will. Equally disruptive, e-stop abuses occur when hackers drown out operator commands and push emergency stop commands through to target devices, halting plant processes. Malicious reprogramming establishes a long-term vulnerability by placing a permanent command access point in RF controllers, allowing hackers to move devices such as cranes without regard for site surroundings, or inflict damage on rogue machines.

Seven of the top RF control manufacturers (Saga, Circuit Design, Juuko, Autec, Hetronic, Elca and Telecrane) have been urged by the US government-funded Computer Emergency Response Team to build stronger security systems into their controllers. However, other security protocols such as encryption can require a large amount of processing power and do not ensure both user and controller authentication. RBAC is the strongest solution to unauthorized command and control access. By instituting RBAC, manufacturing and construction industries can ensure that each operator and machine-to-machine interaction is properly identified, logged, and defined according to policy. RF controls are thus protected from unauthorized tampering and attacks that target the unprotected communications between these devices.
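As an added illustration (not Xage's or any RF vendor's code), the receiver-side checks argued for above can be sketched as follows: each command frame is tied to an operator by a MAC, a per-operator counter rejects replayed frames, the command is checked against a role policy, and every decision is logged. The frame layout, keys, roles and command codes are assumptions constructed for this example.

```python
import hashlib
import hmac
import struct

# Constructed sample data: keys, roles, policy and command codes are hypothetical.
OPERATOR_KEYS = {1: b"k1-demo-key", 2: b"k2-demo-key"}
OPERATOR_ROLES = {1: "crane_operator", 2: "observer"}
ROLE_POLICY = {"crane_operator": {"UP", "DOWN", "ESTOP"}, "observer": {"ESTOP"}}
COMMANDS = {1: "UP", 2: "DOWN", 3: "ESTOP"}
HEADER = struct.Struct(">HIB")  # assumed layout: operator id, counter, command
TAG_LEN = 8  # truncated HMAC-SHA256 tag, sized for short RF frames


def mac(key, header):
    return hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]


def make_frame(op_id, counter, cmd_code, key):
    """Transmitter side: authenticated header followed by its MAC tag."""
    header = HEADER.pack(op_id, counter, cmd_code)
    return header + mac(key, header)


class Receiver:
    def __init__(self):
        self.last_counter = {}  # highest authenticated counter per operator
        self.audit_log = []     # in-memory stand-in for a tamper-proof log

    def handle(self, frame):
        if len(frame) != HEADER.size + TAG_LEN:
            return self._log(None, None, None, "reject:malformed")
        header, tag = frame[:HEADER.size], frame[HEADER.size:]
        op_id, counter, cmd_code = HEADER.unpack(header)
        key, cmd = OPERATOR_KEYS.get(op_id), COMMANDS.get(cmd_code)
        if key is None or cmd is None:
            return self._log(op_id, counter, cmd, "reject:unknown")
        if not hmac.compare_digest(tag, mac(key, header)):
            return self._log(op_id, counter, cmd, "reject:bad_mac")
        if counter <= self.last_counter.get(op_id, -1):
            return self._log(op_id, counter, cmd, "reject:replay")
        self.last_counter[op_id] = counter  # consume the counter once authenticated
        if cmd not in ROLE_POLICY[OPERATOR_ROLES[op_id]]:
            return self._log(op_id, counter, cmd, "reject:not_authorized")
        return self._log(op_id, counter, cmd, "accept")

    def _log(self, op_id, counter, cmd, decision):
        self.audit_log.append((op_id, counter, cmd, decision))
        return decision
```

A frame recorded off the air and retransmitted carries a counter the receiver has already consumed, so it is logged as `reject:replay` rather than executed.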

With the Xage Security Fabric, devices can only be controlled by operators with the proper credentials and authorization. Access is granted using corporate credentials and only as far as capabilities policy allows, preventing unauthorized changes to industrial systems. RBAC also enables secure remote system access and tracks all changes back to a tamper-proof audit log, protecting against the operational, financial, and safety risks that malicious command transmissions pose in construction and manufacturing settings.

Learn more about Xage’s Role-Based Access Control Solutions
