<font id="vnpd9"></font>
<th id="vnpd9"></th>
<address id="vnpd9"><progress id="vnpd9"><thead id="vnpd9"></thead></progress></address>

    <video id="vnpd9"></video>
      <th id="vnpd9"><progress id="vnpd9"><listing id="vnpd9"></listing></progress></th>

      <rp id="vnpd9"><big id="vnpd9"><th id="vnpd9"></th></big></rp>

      Security researchers reveal defects that allow wireless hijacking of giant construction cranes, scrapers and excavators

      Using software-defined radios, researchers from Trend Micro were able to reverse-engineer the commands used to control massive industrial machines, including cranes, excavators and scrapers; most of these commands were unencrypted, but even the encrypted systems were vulnerable to "replay attacks" that allowed the researchers to bypass the encryption.

      The lack of authentication (researchers say these are less secure that typical keyless entry fobs for cars, and those suck) means that the machines can be remotely controlled by unauthorized people, enabling attacks ranging "from theft and extortion to sabotage and injury."

      The systems use a dog's breakfast of custom codes and command system, with no standardization, let alone basic security. All systems pose some risk of vulnerabilities, but in this case it's like they didn't even try.

      Five different kinds of attack were tested. They included: a replay attack, command injection, e-stop abuse, malicious re-pairing and malicious reprogramming. The replay attack sees the attackers simply record commands and send them again when they want. Command injection sees the hacker intercept and modify a command. E-stop abuse brings about an emergency stop, while malicious re-pairing sees a cloned controller take over the functions of the legitimate one. And malicious reprogramming places a permanent vulnerability at the heart of the controller so it can always be manipulated.

      So straighforward were the first four types of attack, they could be carried out within minutes on a construction site and with minimal cost. The hackers only required PCs, the (free) code and RF equipment costing anywhere between $100 and $500. To deal with some of the idiosyncracies of the building site tech, they developed their own bespoke hardware and software to streamline the attacks, called RFQuack.

      Attacks Against Industrial Machines via Vulnerable Radio Remote Controllers: Security Analysis and Recommendations [Federico Maggi and Marco Balduzzi/Trend Micro]

      Exclusive: Hackers Take Control Of Giant Construction Cranes [Thomas Brewster/Forbes]

      (via Bruce Schneier)

      皇冠时时彩平台出租
      <font id="vnpd9"></font>
      <th id="vnpd9"></th>
      <address id="vnpd9"><progress id="vnpd9"><thead id="vnpd9"></thead></progress></address>

        <video id="vnpd9"></video>
          <th id="vnpd9"><progress id="vnpd9"><listing id="vnpd9"></listing></progress></th>

          <rp id="vnpd9"><big id="vnpd9"><th id="vnpd9"></th></big></rp>
          <font id="vnpd9"></font>
          <th id="vnpd9"></th>
          <address id="vnpd9"><progress id="vnpd9"><thead id="vnpd9"></thead></progress></address>

            <video id="vnpd9"></video>
              <th id="vnpd9"><progress id="vnpd9"><listing id="vnpd9"></listing></progress></th>

              <rp id="vnpd9"><big id="vnpd9"><th id="vnpd9"></th></big></rp>
              ag旗舰厅登录 实况巴黎圣日耳曼 魔术箱在线客服 北京pk10前五后五算法 Q版第五人格图片 马德里竞技Vs莱加内斯 西部边境投注 北京pk10走势 最新22选5走势图 蒋方舟微博