equipment icon Cranes Equipment equipment icon Parts equipment icon Dealers newspaper icon Articles email icon Sign up for Updates email iconDigital Issues pencil icon Sell Your Machines

equipment icon Cranes Equipment equipment icon Cranes Parts equipment icon Cranes Dealers
newspaper icon Cranes Articles email icon Sign up for Updates pencil icon Sell Your Machines

Hackers and Cranes: The Dangers Research Has Revealed

Mon January 27, 2020
Emily Buenzle – Special to CEG

There's no doubt that remotely controlled construction equipment is a huge advantage for crews across job sites everywhere, but as with any innovation, it carries its own set of risks.

One danger that researchers have unearthed is the ability for hackers to control remotely operated construction equipment with little effort. Researchers from security software company Trend Micro recently put this risk to the test.

Researchers Frederico Maggi and Marco Balduzzi toured Italy's Lombardi region in March 2018, attempting to convince construction site managers they met along the way to allow them to try to hack their cranes, Forbes reported. Although many managers turned down their offer, one named Matteo agreed. First, Maggi and Balduzzi asked Matteo to turn off his transmitter, the sole way the crane could be controlled on the site, and put the crane into the "stop" position. Then, using laptops powered with the battery of the red Volkswagen Polo they were driving, Maggi and Balduzzi made an attempt to gain control of the equipment by running their code.

Within seconds, the previously stationary crane began to move.

After this first successful hacking attempt, Maggi and Balduzzi tried their luck at 14 other job sites, where they hacked and controlled cranes, excavators, scrapers and other pieces of equipment.

How It Works

The problem, according to Trend Micro, isn't with technological advancements in the construction industry, but rather with the continued use of old methods to control these machines. Radio frequency controllers, which are used for remotely controlled construction equipment, like the cranes Maggi and Balduzzi hacked, work by sending out radio waves that pair with a command that is interpreted and executed by a receiver.

Trend Micro determined that "weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories … we were able to perform the attacks quickly and even switch on the controlled machine despite an operator's having issued an emergency stop (e-stop).

"The core of the problem lies in how, instead of depending on wireless, standard technologies, these industrial remote controllers rely on proprietary RF protocols, which are decades old and are primarily focused on safety at the expense of security," Trend Micro said. "It wasn't until the arrival of Industry 4.0, as well as the continuing adoption of the Industrial Internet of Things (IIoT), that industries began to acknowledge the pressing need for security."

For perspective, Trend Micro said that it found garage door remote controllers that use radio frequency to be more secure than industrial remotes.

Potential hackers have the ability to perform their attacks in a variety of ways, Trend Micro said:

  • Local attacks: Hackers within range may not have any advanced skills, and would merely need a software-defined radio (SDR) to record a command and then replay it. Add in signal amplifiers and a good antenna, and a hacker could gain control of the equipment in question from miles away.
  • Remote attacks: These attacks can occur in different manners — a hacker could plant a small, battery-operated embedded device in the target range, which can be controlled remotely for the length of the battery's charge. Otherwise, a hacker could use a computer to program software or control remotes to take over the machine.

And since industrial remote controllers last much longer — and cost more to replace — than their run-of-the-mill, commercial counterparts, many pieces of equipment could be easy targets for a decade or longer. Micro Trend reported it found that many of these remote controllers had been in use for 15 years or longer.

While it's clear that an attack such as this is possible — who would want to do something like this in the first place, and why?

According to Micro Trend, casual attackers could be close by — a contractor or an unhappy worker. And while the motivations behind this kind of attack could be infinite, Micro Trend pointed out that three key motivations include sabotage, theft and extortion.

What You Can Do

According to Micro Trend, construction companies can fight back against this risk by:

  • Applying patches as needed to stop hackers from using a system's weak points to gain entry;
  • Considering devices that have virtual fencing features, which disable the device when the remote controller steps out of range; and
  • Switching from proprietary radio frequency protocols to standard ones.

CEG recently spoke with Joel Oliva, director of operations at the Commission for the Certification of Crane Operators about this issue.

Although the risk of hackers controlling the equipment on your job site is real, with the right preparation, you and your crew don't have to be left vulnerable. After all, you want your cranes to help you reach new heights, and with a bit of awareness of the risks, they'll help you rise even higher. CQ



ALL Deploys Two Tower Cranes to Build Orlando Apartment Complex →

A 300-unit apartment complex marks the return of ALL Sunshine Crane Rental Corp. , a member of the ALL Family of Companies, to the tower crane market in the Orlando metro area.

ALL Crane Gets New Liebherr All Terrain Crane →

Fresh off its debut at ConExpo, the new Liebherr LTM 1100-5.3 all terrain crane is bound for the fleet of the ALL Family of Companies.

Cranes Begin Unloading Dali After Key Bridge Collapse →

Workers have begun using cranes to offload containers from the Dali, the 100,000-ton vessel that crashed into Baltimore's Key Bridge on March 26, 2024, and sent major sections of the bridge plunging into the waters of the Patapsco River.

Kobelco Names Bigge Crane and Rigging as New Dealer →

Bigge Crane and Rigging, the leading crane rental and sales company in the United States, has been selected by Kobelco as the exclusive representative of its crawler cranes in Colorado and Utah.

Liebherr USA Co. Announces New Divisional Director →

Liebherr USA Co. appointed Shane Kuhlmey as divisional director of crawler cranes, deep foundation machines and maritime cranes, effective April 1, 2024.

CCO Recognizes Top Training Providers for Outstanding Commitment to Safety →

CCO is proud to announce the recipients of the 2024 Training Provider Awards. These prestigious awards recognize the exemplary efforts of training providers in preparing candidates for CCO exams, leading to essential certifications in load handling equipment operation.

CCO Names 2024 Employer Award Recipients →

CCO announced the winners of the 2024 CCO Employer Awards, celebrating companies committed to workplace safety through CCO certification.

States Put New Regs in Place for Tower Crane Safety →

Washington State was poised to join other states regulating safety surrounding tower cranes. The state passed legislation in response to a deadly 2019 tower crane accident in Seattle, joining other major cities and states with tower crane regulations in place.

Manitowoc Launches Two New Potain Luffing Jib Cranes →

Manitowoc completes its latest generation of Potain luffing jib cranes with the launch of the MR 309 and MR 329.

New Report On Safety Hazards in Crane Industry →

The NCCCO Foundation and the National Safety Council (NSC) through its Work to Zero initiative partnered to survey certified crane operators and inspectors regarding safety hazards in the crane industry.


Sign up for weekly equipment updates email icon Place an equipment listing on Crane Equipment Guide pencil icon

Crane Equipment Guide is the best source for news, how-to's and equipment for the Cranes Industry. We list equipment in all the major cranes categories including conveyors, feeders, stackers, crushers, magnets, screening equipment, washing equipment, and more. Our website makes it easy to find the machines you need fast. From manufacturers such as Cedarapids, Doppstadt, Extec, Kleemann, McCloskey, Metso, Nordberg, Pioneer, Powerscreen, Screen Machine, Superior, Terex, and more.

Crane Equipment Guide is a project of Construction Equipment Guide, putting machines in front of buyers for over 60 years.

39.96118 \\ -82.99879 \\ 18.188.44.223 \\ Columbus \\ Ohio