On October 23, 2018 ICS—CERT announced a vulnerability in Telecrane’s F25 Series remote controls, which are used for cranes. They found that anyone with a low skill level could listen in on the remote control’s communications in an attempt to “view commands, replay commands, control the device, or stop the device from running.”
In essence, a hacker could learn the commands that controlled the crane, play them back, and control the crane themselves.
The F25 Series have a wide variety of applications that range from the assembly floor to back-mounted vehicle cranes and more. While these remote controls are extremely versatile, their exposure to hacking also means that hackers have a target rich environment.
There are plenty of nightmare scenarios in which a hacker could use this exploit to deal havoc on the factory floor or in the streets in an attempt to disrupt a city or conduct corporate sabotage.
Fortunately, no reports of hacking have been reported thus far and Telecrane has already released a firmware update to combat this weakness.