Federico Maggi\u00a0will never forget the first time he saw a crane being hacked.<\/p>\n
Last March, he was on a strange kind of road trip. Traveling the Lombardi region of Italy with his colleague Marco Balduzzi in a red Volkswagen Polo, the pair hoped to convince construction site managers, who they\u2019d never met or spoken with before, to let them have a crack at taking control of cranes with their hacking tools.<\/p>\n
Surprise, surprise: They weren\u2019t having much luck. But one such manager, who Maggi fondly remembers as Matteo, was game. Armed with laptops powered by the VW\u2019s battery, scripts for running their hacks and some radio hardware to beam out the exploit code, Maggi and Balduzzi got to work.<\/p>\n
Matteo was asked to turn off his transmitter, the only one on-site capable of controlling the crane, and put the vehicle into a \u201cstop\u201d state. The hackers ran their script. Seconds later, a harsh beeping announced the crane was about to move. And then it did, shifting from side to side. Looking up at the mechanism below a wide blue sky, Matteo was at first confused.<\/p>\n
\u201cI remember him looking up and asking, \u2018Who is doing that ?\u2019 Then he realized the test was successful,\u201d Maggi recalls.<\/p>\n
Matteo\u2019s crane was just the start. Over the coming days and weeks, the researchers, who ply their trade at Japanese cybersecurity giant Trend Micro, became professional \u201ccrane spotters.\u201d Able to detect potentially vulnerable machines on site, they embarked on an unprecedented hacking trip.<\/p>\n
They cajoled their way into 14 locations where they were allowed to hack into devices that not only controlled cranes but excavators, scrapers and other large machinery. In every case, their preprepared attack code worked.<\/p>\n
It soon became obvious: Cranes were hopelessly vulnerable. And, unless the manufacturers behind the tools could be convinced to secure their kit, the potential for catastrophic damage was very real. The consequences ranged \u201cfrom theft and extortion to sabotage and injury,\u201d the researchers wrote in a\u00a0paper<\/a>\u00a0handed to\u00a0Forbes<\/em>\u00a0exclusively ahead of publication on Tuesday.<\/p>\n The attacks are simple, cheap and open to any person willing to risk launching them, warns Mark Nunnikhoven, VP for cloud security at Trend Micro. \u201cAnyone in range can manipulate these devices.\u201d<\/p>\n Attack of the cranes<\/strong><\/p>\n In layman\u2019s terms, Maggi and Balduzzi were doing something akin to cloning the transmitter typically used by site managers like Matteo.<\/p>\n But it\u2019s a little more complex than that. The vulnerabilities uncovered by Trend Micro\u2019s research team lay not in the vehicles themselves but in the communications between the controllers and the cranes. The benevolent hackers had to reverse engineer those communications coming from the radio frequency (RF) controller. They then had to find ways of copying commands, which came in their own supposedly unique formats, full of quirks the researchers had to figure out.<\/p>\n