A Security Analysis of Radio Remote Controllers for Industrial Applications


Radio frequency (RF) remote controllers are widely used in manufacturing, construction, transportation, and many other industrial applications. Cranes, drills, and miners, among others, are commonly equipped with RF remotes. Unfortunately, these devices have become the weakest link in these safety-critical applications, characterized by long life spans, high replacement costs, and cumbersome patching processes. Given the pervasive connectivity promoted by the Industry 4.0 trend, we foresee a security risk in this domain as has happened in other fields. Our research reveals that RF remote controllers are distributed globally, and millions of vulnerable units are installed on heavy industrial machinery and environments. Our extensive in-lab and on-site analysis of devices made by seven popular vendors reveals a lack of security features at different levels, with obscure, proprietary protocols instead of standard ones. They are vulnerable to command spoofing, so an attacker can selectively alter their behavior by crafting arbitrary commands — with consequences ranging from theft and extortion to sabotage and injury. This research analyzes and shows how an attacker can persistently and remotely take control or simulate the malfunction of the attached machinery, through attacks like command injection, emergency-stop (e-stop) abuse, and malicious re-pairing. In addition, many modern radio controllers can be programmed via software, which also lacks any security measures, opening them to remote attack vectors. A remote attacker who compromises the computer used to program these remotes can alter their firmware to implement persistent and sophisticated attacks. Having examined the root cause of the vulnerabilities that make these attacks possible, we have reached out to the affected vendors to promote suitable mitigation, and we hope that our research will help raise awareness and avoid unfortunate situations regarding RF remote controllers in industrial applications.

Trend Micro Research