Radio-frequency remote controllers are widely used in the manufacturing, construction, and transportation industries. Cranes, drillers, and miners, among others, are commonly equipped with radio controllers for flexible operation. In industrial environments, vulnerable radio controllers represent a significant problem, firstly because of the safety-critical conditions and, secondly, because of the high replacement costs and long lifespans of this equipment.
While this session will identify vulnerabilities in all 7 vendors researched, including trivial-to-execute attacks, its focus is on the methodology used to assess the often-ignored radio-frequency remote controllers. Custom-built tool-chains will be described and demonstrated. This type of tool-chain can be extended to support the many SPI-based radio chips that exist today. The tool-chain aided in reversing some of the vendors' custom obfuscations, including one in which the communications appeared to be white noise.
Finally, some examples of possible post-exploitation actions will be discussed and demonstrated.