When securing a jobsite against malicious hackers, most go to protect computer files, and few look up and worry about the tower cranes. But many cranes—whether tower, mobile or industrial—can be remotely run via radio wireless controllers, a useful feature for when operators need a clearer view of the load from the ground. Unfortunately, these wireless signals are vulnerable to hijacking, according to a study released earlier this year by security research firm Trend Micro. It found that the radio signals these crane controllers use are not encrypted over the air in any way, and can be easily intercepted and spoofed using off-the-shelf equipment and a basic knowledge of electronics and radio engineering.
“In other operational and industrial technology, there are some security measures,” says Greg Young, vice president of cybersecurity at Trend Micro. “In this case, we didn’t have to find vulnerabilities. There was no need to pick the lock on the door, the door was open—no encryption, no proprietary protocols.”