Trend Micro released a new report detailing inherent flaws and new vulnerabilities in radio frequency (RF) remote controllers found and disclosed through the Zero Day Initiative (ZDI).
Overview of the five classes of attacks analyzed in this research
Security analysis and recommendations
The report, A Security Analysis of Radio Remote Controllers for Industrial Applications, demonstrates how an attacker could persistently and remotely take control of, or simulate the malfunction of, the attacked machinery.
The report’s findings cover RF remote controllers found in cranes, drills, mining machinery and other industrial devices produced by the seven most commonly deployed vendors. These types of devices have become a major point of security weakness because of their connectivity. Long lifespans, high replacement costs, and cumbersome patching processes compound this problem.
“This research demonstrates a concerning reality for owners and operators of heavy industrial machinery where RF controllers are widely found,” said Bill Malik, VP of infrastructure strategies for Trend Micro. “By testing the vulnerabilities our researchers discovered, we confirmed the ability to move full-sized industrial equipment deployed at construction sites, factories, and transportation businesses. This is a classic example of both the new security risks that are emerging, as well as how old attacks are being revitalized, to attack the convergence of OT and IT.”
Basic failings in RF controllers
Trend Micro discovered three basic failings in RF controllers: no rolling code; weak or no cryptography; and a lack of software protection. Leveraging these basic weaknesses enabled five remote and local attack types, which are detailed in the report. To help facilitate the research, an RF analyzing tool, RFQuack, was also developed.
Conceptual representation of a replay attack on an industrial radio remote controller
Many operational technologies in industrial settings are now facing cyber risks due to newly added connectivity. According to Gartner, “IoT devices must remain secure for many years, potentially decades. IoT devices are also exposed or unprotected. This combination of time and space presents a different security profile than that of traditional IT assets. Security and risk management leaders must identify key industrial assets and systems, and prioritize protection of these assets based upon their mission criticality and integrated risks to OT and IT systems.”
Beyond prioritizing the cyber risks associated with these devices, Trend Micro recommends companies that use RF controllers implement comprehensive security measures, including software and firmware patching, as well as building on standardized protocols.