Researchers with a security firm have demonstrated severe cyber vulnerabilities across cranes and other construction equipment, showcasing give different kinds of possible attacks. In a replay attack, hackers are able to copy commands being sent to the machines and then send these copied commands to the machine in the future. Through command injection attacks, hackers intercept commands and then modify them before sending them out for execution. E-stop attacks shut down all actions, and malicious re-pairing, the most complicated of the five, allows a full takeover of the vehicle, replacing its legitimate controller with one controlled by the hacker. Testers were able to carry out the first four attacks in a matter of minutes at a construction site using only PCs, open code, and some basic radio equipment.
These attacks have the potential to cause major damage physically, using hacked machines to destroy property, to more financially, capturing a fleet of machines and demanding a ransom payment. Firms have started to introduce protections to these systems, many of them for the very first time, but the testing firms indicate that many of the vulnerabilities have yet to be addressed.
Source: Exclusive: Hackers Take Control Of Giant Construction Cranes