Our Main Office
Construction Equipment Guide
470 Maryland Drive
Fort Washington, PA 19034
Mon January 27, 2020 - National Edition
There's no doubt that remotely controlled construction equipment is a huge advantage for crews across job sites everywhere, but as with any innovation, it carries its own set of risks.
One danger that researchers have unearthed is the ability for hackers to control remotely operated construction equipment with little effort. Researchers from security software company Trend Micro recently put this risk to the test.
Researchers Frederico Maggi and Marco Balduzzi toured Italy's Lombardi region in March 2018, attempting to convince construction site managers they met along the way to allow them to try to hack their cranes, Forbes reported. Although many managers turned down their offer, one named Matteo agreed. First, Maggi and Balduzzi asked Matteo to turn off his transmitter, the sole way the crane could be controlled on the site, and put the crane into the "stop" position. Then, using laptops powered with the battery of the red Volkswagen Polo they were driving, Maggi and Balduzzi made an attempt to gain control of the equipment by running their code.
Within seconds, the previously stationary crane began to move.
After this first successful hacking attempt, Maggi and Balduzzi tried their luck at 14 other job sites, where they hacked and controlled cranes, excavators, scrapers and other pieces of equipment.
The problem, according to Trend Micro, isn't with technological advancements in the construction industry, but rather with the continued use of old methods to control these machines. Radio frequency controllers, which are used for remotely controlled construction equipment, like the cranes Maggi and Balduzzi hacked, work by sending out radio waves that pair with a command that is interpreted and executed by a receiver.
Trend Micro determined that "weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories … we were able to perform the attacks quickly and even switch on the controlled machine despite an operator's having issued an emergency stop (e-stop).
"The core of the problem lies in how, instead of depending on wireless, standard technologies, these industrial remote controllers rely on proprietary RF protocols, which are decades old and are primarily focused on safety at the expense of security," Trend Micro said. "It wasn't until the arrival of Industry 4.0, as well as the continuing adoption of the Industrial Internet of Things (IIoT), that industries began to acknowledge the pressing need for security."
For perspective, Trend Micro said that it found garage door remote controllers that use radio frequency to be more secure than industrial remotes.
Potential hackers have the ability to perform their attacks in a variety of ways, Trend Micro said:
And since industrial remote controllers last much longer — and cost more to replace — than their run-of-the-mill, commercial counterparts, many pieces of equipment could be easy targets for a decade or longer. Micro Trend reported it found that many of these remote controllers had been in use for 15 years or longer.
While it's clear that an attack such as this is possible — who would want to do something like this in the first place, and why?
According to Micro Trend, casual attackers could be close by — a contractor or an unhappy worker. And while the motivations behind this kind of attack could be infinite, Micro Trend pointed out that three key motivations include sabotage, theft and extortion.
According to Micro Trend, construction companies can fight back against this risk by:
CEG recently spoke with Joel Oliva, director of operations at the Commission for the Certification of Crane Operators about this issue.
Although the risk of hackers controlling the equipment on your job site is real, with the right preparation, you and your crew don't have to be left vulnerable. After all, you want your cranes to help you reach new heights, and with a bit of awareness of the risks, they'll help you rise even higher. CQ
This story also appears on Crane Equipment Guide.