Industrial manufacturers have come to rely on a great deal on radio frequency (RF) protocols in their day-to-day functioning. From simple operations such as turning on a motor to more intricate functions like manoeuvring a heavy-duty vehicle, RF forms an integral part of the smooth running of industry.
Signals are sent over the air, which provides an opportunity for cybercriminals and attackers who are equipped with the right RF tools to possibly intercept or commandeer industrial machines and systems. This is a particularly frightening thought when considering that among others, radio frequencies can be used to control cranes, drills and even help miners navigate where they are.
“Trend Micro has done some extensive research into the threats that could compromise RF remote controllers and compiled a research report titled A Security Analysis of Radio Remote Controllers for Industrial Applications,” explained Indi Sirinwasa, Vice President of Trend Micro, Sub-Saharan Africa.
“The research has found that it is quite possible to launch a cyberattack both within and out of RF range. Considering the extensive use of machinery using RF remote controllers, the consequences of such breaches are horrifying.”
RF devices are not generally designed with cybersecurity in mind, which is precisely what makes them fair game for malicious actors if they are not properly patched. Industrial machinery tends to have long lifespans and the cost of replacement can be prohibitive. Patching the systems can also be intricate, making it difficult for equipment to be properly secured from attack.
“Industry 4.0 is on the horizon and it will bring us greater connectivity across a multitude of platforms and equipment,” added Siriniwasa.
“This security gap with RF remote controllers poses a massive security risk for a great number of businesses and government institutions. And, it’s often an area that is grossly overlooked when it comes to cybersecurity.”
System integrators can begin by making their clients aware of the weak points in RF and encourage them to adopt virtual fencing features, which effectively switches off the devices once they are out of range. This cuts down the possibility of remote attack; however, a hacker on site or in range could still gain access through a transmitter and launch an attack.
Increasing security means most likely turning away from proprietary RF protocols and adopting open and standard protocols. It is also important to make sure that configurable pairing is also available before purchasing any device.
“Changing the fixed ID code every now and again is also a good idea,” said Sirinwasa.
“If possible, it’s best to keep the programming computer off the network and failing that, securing it in the same way you would a critical end point. Bluetooth Low Energy is something else to adopt and tamper proof mechanisms also go a long way to prevent reverse engineering. As we fast approach the future of digital industry, security needs to be a foremost concern.”