Trend Micro issued a report Wednesday warning that common industrial robots are susceptible to hacks and other forms of electronic attack that could cause physical harm to workers or result in flawed and dangerous products.
The company’s report, Rogue Robots: Testing Industrial Robot Security (PDF), found that the software running commercial robots is often out of date and relies on outdated and vulnerable operating systems and libraries. The use of cryptography and authentication to protect industrial robots is often flawed or trivial to break, leaving the devices susceptible to a wide range of attacks. That’s especially dangerous since Trend researchers also found “thousands” of industrial devices using public IP addresses, meaning that remote attackers could reach and compromise them.
Trend carried out tests on an industrial robot made by ABB Robotics in a lab setting. However, the company said that “architectural commonalities” in modern industrial robots, as well as existing standards, mean that its findings, which were compiled with collaborators from the Politecnico di Milano (POLIMI), are likely to affect a wide range of industrial robots.
A lack of security controls on data that is transmitted from operator workstations to industrial robots was the biggest source of insecurity in the industrial robot that Trend studied. Specifically, Trend found that many industrial robots now sport embedded industrial routers (aka “service boxes”) that allow them to be remotely managed and configured. Such devices, accessible via virtual private network tunnels or even the public Internet, can be a conduit for attack.
Attacks could happen by way of the industrial network the robot is connected to. A malicious insider with physical access to the robot could also tamper with it.
Trend characterized five different types of robot-specific attacks. Some involve altering the robot’s control-loop parameters or production logic so that it behaves in ways that result in defective work, for example subtly altered or defective parts. Other attacks involve manipulating the state information relayed from the robot to the human operator, or the operating state of the robot itself, in a way that causes injury to humans working alongside the robot.
Injuries and even deaths due to robot malfunctions are not unheard of. Recently, a 20-year-old Alabama woman was crushed to death by an industrial robot at a company that is a supplier to automakers Kia and Hyundai. The supplier had been cited and fined by the U.S. Occupational Safety and Health Administration (OSHA) for several worker safety violations, among them risks of physical harm, including amputation or death, due to improper security measures on the factory floor.
In many cases, the problems identified with industrial robots are similar to problems identified with other industrial control systems, namely a lack of end-to-end security and integrity checking for critical features like production logic. That allows attackers to change the commands given to a robot at will, either before or after they have been deployed to the device. For robots working on highly sensitive tasks, that could result in small changes in behavior that would be impossible to notice, but that render the robot’s output useless (and even dangerous).
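The missing control described above can be sketched as an end-to-end integrity check, shown here as an added example that is not taken from the Trend report or from any vendor's software. It assumes a shared HMAC key between workstation and controller (a real deployment might prefer asymmetric signatures); the program text, controller name and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample program: placeholder text, not real controller syntax.
PROGRAM = b"move p10 speed=200\nset_gain axis=3 value=1.000\n"
KEY = b"constructed-demo-key-not-for-production"


def _canonical(meta: dict) -> bytes:
    # Stable serialization so both sides authenticate identical bytes.
    return json.dumps(meta, sort_keys=True, separators=(",", ":")).encode()


def sign_package(program: bytes, controller_id: str, version: int, key: bytes) -> dict:
    """Workstation side: bind the program to one controller and one version."""
    meta = {"controller": controller_id, "version": version,
            "sha256": hashlib.sha256(program).hexdigest()}
    tag = hmac.new(key, _canonical(meta), hashlib.sha256).hexdigest()
    return {"meta": meta, "tag": tag}


def verify_package(program: bytes, package: dict, controller_id: str,
                   min_version: int, key: bytes) -> str:
    """Controller side: return "ok" or the reason the program is refused.

    Run before loading and again periodically after deployment, so changes
    made in transit and changes made on the device are both caught.
    """
    meta = package["meta"]
    expected = hmac.new(key, _canonical(meta), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, package.get("tag", "")):
        return "bad-tag"            # metadata forged or altered
    if meta["controller"] != controller_id:
        return "wrong-controller"   # valid package replayed to another robot
    if meta["version"] < min_version:
        return "rollback"           # older, possibly flawed logic replayed
    if not hmac.compare_digest(meta["sha256"], hashlib.sha256(program).hexdigest()):
        return "program-modified"   # program bytes differ from what was signed
    return "ok"


if __name__ == "__main__":
    pkg = sign_package(PROGRAM, "cell-7", 3, KEY)
    tampered = PROGRAM.replace(b"1.000", b"1.004")  # subtle parameter change
    print(verify_package(PROGRAM, pkg, "cell-7", 3, KEY))
    print(verify_package(tampered, pkg, "cell-7", 3, KEY))
```

A change of 0.004 in one parameter is the kind of edit an operator would not notice in the robot's motion, but it fails the digest comparison the same way a wholesale replacement would.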
Other problems are the lack of authentication to robots and control stations, or weak authentication schemes. As an example, Trend tested ABB’s six-axis IRB140 industrial robot, which is capable of carrying a payload of up to 6 kg. The device’s underlying software, RobotWare 5.13.10371, which is based on the VxWorks runtime, and FlexPendant, which is based on Windows CE, both proved easy targets for Trend’s reverse engineers, who were able to locate exploitable vulnerabilities including a lack of strong encryption, memory errors and corruption flaws (i.e. stack-based buffer overflows) and weak authentication controls.
You can read the full report here: Rogue Robots: Testing the Limits of an Industrial Robot’s Security – Security News – Trend Micro USA