The cyber risks of RF remote controllers

1 April 2019 Industrial (Industry)

Industrial manufacturers have come to rely a great deal on radio frequency (RF) protocols in their day-to-day functioning. From simple operations such as turning on a motor to more intricate functions like manoeuvring a heavy-duty vehicle, RF forms an integral part of the smooth running of industry.

Signals are sent over the air, which provides an opportunity for cyber criminals and attackers who are equipped with the right RF tools to possibly intercept or commandeer industrial machines and systems. This is a particularly frightening thought when considering that among others, radio frequencies can be used to control cranes, drills and even help miners navigate where they are.

“Trend Micro has done some extensive research into the threats that could compromise RF remote controllers and compiled a research report titled A Security Analysis of Radio Remote Controllers for Industrial Applications. The research has found that it is quite possible to launch a cyber-attack both within and out of RF range. Considering the extensive use of machinery using RF remote controllers, the consequences of such breaches are horrifying,” says Indi Sirinwasa, vice president of Trend Micro, Sub-Saharan Africa.

RF devices are not generally designed with cybersecurity in mind, which is precisely what makes them fair game for malicious actors if they are not properly patched. Industrial machinery tends to have long lifespans and the cost of replacement can be prohibitive. Patching the systems can also be intricate, making it difficult for equipment to be properly secured from attack.

“Industry 4.0 is on the horizon and it will bring us greater connectivity across a multitude of platforms and equipment. This security gap with RF remote controllers poses a massive security risk for a great number of businesses and government institutions. And, it’s often an area that is grossly overlooked when it comes to cybersecurity,” Siriniwasa explains.

System integrators can begin by making their clients aware of the weak points in RF and encourage them to adopt virtual fencing features, which effectively switches off the devices once they are out of range. This cuts down the possibility of remote attack, however, a hacker on site or in range could still gain access through a transmitter and launch an attack.

Increasing security means most likely turning away from proprietary RF protocols and adopting open and standard protocols. It is also important to make sure that configurable pairing in one form another is also available before purchasing any device.

“Changing the fixed ID code every now and again is also a good idea. If possible it’s best to keep the programming computer off the network and failing that, securing it in the same way you would a critical end point. Bluetooth Low Energy is something else to adopt and tamper proof mechanisms also go a long way to prevent reverse engineering. As we fast approach the future of digital industry, security needs to be a foremost concern,” concludes Siriniwasa.

The full report can be downloaded at

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

210 million industrial endpoints secured by 2028
News & Events Information Security Industrial (Industry)
A new study by Juniper Research has found that there will be growth of 107% over the next five years in the number of industrial endpoints featuring cybersecurity protection.

Growing cyber threats to SA’s critical infrastructure
News & Events Information Security Industrial (Industry)
The increasing reliance on digital infrastructure makes critical sectors like utilities more susceptible to cyber threats. This concern has been highlighted by Kaspersky's recent discovery of a new SystemBC variant that has targeted a South African nation's critical infrastructure.

Smart manufacturing redefined
Hikvision South Africa Surveillance Industrial (Industry)
AI and intuitive visualisation technology allows managers to monitor manufacturing sites, production, and operational processes, and to respond in real time in the event of an issue – helping to drive efficiency and productivity.

CHI selects NEC XON as trusted cybersecurity partner
News & Events Information Security Industrial (Industry)
CHI Limited, Nigeria's leading market player in fruit juices and dairy products, has engaged in a strategic cybersecurity partnership with NEC XON, a pan-African ICT systems integrator.

Edge technology can transform manufacturing in South Africa
Axis Communications SA Surveillance Integrated Solutions Industrial (Industry)
Aligning South African manufacturing more closely with this global shift to edge technologies could take manufacturing in the country to a new level, says Axis Communications’ Rudie Opperman.

Edge AI and managing risk in the cloud
Industrial (Industry) Infrastructure
As organisations see greater volumes of data generated from their operations. It is understandable and imperative that this data is leveraged to generate more value and increase insight that help operations and asset integrity managers ‘do more, better’.

Supporting local manufacturing
Industrial (Industry) Infrastructure
Smart Security asked Esenthren Govender, Solutions Executive at Technodyn for insight into how the company supports local manufacturing organisations to optimise their business.

New algorithm for OT cybersecurity risk management
Industrial (Industry) Information Security News & Events Commercial (Industry)
OTORIO’s new risk management model and attack graph analysis algorithm technology, calculates OT cybersecurity threats and provides risk mitigation actions, prioritised according to actual exposure and potential impact on operations.

The role of AI in industrial plants
Industrial (Industry)
The average modern industrial plant uses less than 27% of the data it generates, but industrial AI can play a major role in identifying patterns and making process predictions through new software platforms that simplify convergence and analysis of OT/IT/ET data.

Addressing the SCADA in the room
Industrial (Industry) Information Security IoT & Automation
Few other sectors command the breadth of purpose-built and custom devices necessary to function, as the industrial and manufacturing industries. These unique devices create an uncommon risk that must be assessed and understood to fully protect against incoming attacks.