Radio Frequency (RF) Protocols Exploited by Remote Hackers

By Josh Balentine on January 25, 2019

     Construction sites, shipyards, ports, and manufacturing sites use RF to control industrial equipment in day-to-day operations. The cybersecurity firm Trend Micro has discovered vulnerabilities in the radio frequency and transmission protocols that govern these devices, which would allow attackers to control industrial machines such as cranes and other heavy machinery. These vulnerabilities are relevant to industrial control systems because exploiting heavy machinery such as cranes, drills, etc. can affect the manufacturing sector along with the United States economy. Manufacturing and seaports are major contributors to the United States economy; American ports alone contribute more than $3 trillion (Global Trade, 2018). The vulnerabilities that were discovered are authentication bypass by capture-replay vulnerabilities (CVE-2018-17935 and CVE-2018-19023), which allow an individual with a low skill level to capture traffic between a transmitter and a receiver and take control of that machinery.

Vulnerabilities in More Detail

     When an individual pushes a button on a transmitter, each button press is translated into an RF packet and communicated to a receiver. Because these vulnerable devices use fixed codes, the codes can be captured with an RF sniffer during transmission and retransmitted by an attacker as an unauthorized command or message. Another exploit uses the same type of attack to cause a denial-of-service (DoS) on a targeted machine, making the heavy equipment inoperable. An individual with more proficient skills can use these vulnerabilities to clone the target remote and gain complete control over a piece of equipment with the newly created malicious controller.
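The receiver-side difference between a fixed code and a replay-resistant design, as an added example that is not from the article or from any vendor's firmware. The packet layout, key, command values and class names are hypothetical, and the counter-plus-HMAC scheme is a standard countermeasure that the article itself does not describe.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # hypothetical shared key, constructed for this example
TAG_LEN = 8                    # truncated HMAC-SHA256 tag length (assumption)
BODY_LEN = 5                   # 1 command byte + 4 counter bytes (assumption)

class FixedCodeReceiver:
    """Vulnerable design: any packet equal to a known button code is accepted."""
    def __init__(self, codes):
        self.codes = codes                    # packet bytes -> command name
    def receive(self, packet):
        return self.codes.get(packet)         # a replayed capture looks identical

def make_packet(key, counter, command):
    """Transmitter side: command + 32-bit counter, authenticated with a MAC."""
    body = struct.pack(">BI", command, counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class CounterReceiver:
    """Accepts a packet only if its MAC verifies and its counter is fresh."""
    def __init__(self, key, commands):
        self.key, self.commands, self.last = key, commands, -1
    def receive(self, packet):
        if len(packet) != BODY_LEN + TAG_LEN:
            return None
        body, tag = packet[:BODY_LEN], packet[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                       # modified or forged packet
        command, counter = struct.unpack(">BI", body)
        if counter <= self.last:
            return None                       # replay of an earlier transmission
        self.last = counter
        return self.commands.get(command)

def demo():
    """Feed each receiver the same constructed packet twice and record the results."""
    fixed = FixedCodeReceiver({b"\xa5\x01": "UP"})
    rx = CounterReceiver(KEY, {0x01: "UP", 0x02: "DOWN"})
    first = make_packet(KEY, 7, 0x01)
    return {
        "fixed_first": fixed.receive(b"\xa5\x01"),
        "fixed_replay": fixed.receive(b"\xa5\x01"),      # accepted again
        "counter_first": rx.receive(first),
        "counter_replay": rx.receive(first),             # rejected: stale counter
        "counter_tampered": rx.receive(b"\x02" + first[1:]),  # rejected: bad MAC
        "counter_next": rx.receive(make_packet(KEY, 8, 0x02)),
    }
```

A fielded receiver also has to persist the counter across power cycles; the example keeps it in memory.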

National Vulnerability Database Description

CVE-2018-17935 : Authentication Bypass by Capture-Replay

CVE-2018-19023 : Authentication Bypass by Capture-Replay

Recommended Actions

     Some of the vendors have already started to update their radio transmitters to an updated firmware version, while others are still investigating the vulnerabilities. Other recommendations could entail minimizing network exposure, not allowing systems to be accessed from the internet, installing firewalls, and isolating these systems from the business network.

Sources

Old RF Protocols Expose Cranes to Remote Hacker Attacks. (2019, January 15). Retrieved from https://www.securityweek.com/old-rf-protocols-expose-cranes-remote-hacker-attacks.

Global Trade Magazine. (n.d.). Retrieved from https://www.globaltrademag.com/us-ports/.