Researchers remotely hack an industrial robot
Researchers have discovered that industrial robots can be remotely hacked to cause potentially devastating damage, as serious concerns over the safety and security of Internet of Things (IoT) devices continue to mount. Researchers at security firm Trend Micro and Italy's Politecnico Milano found that many internet-connected industrial machines run on outdated software or have poor software protection.
In a research paper titled Rogue Robots: Testing the Limits of an Industrial Robot's Security, experts said they discovered various security vulnerabilities that hackers can exploit to pull off a wide rage of attacks. Researchers found more than 80,000 industrial routers used to control robots were exposed, 5,000 of which had no authentication requirements.
While some industrial devices have weak authentication systems with default passwords or none at all, researchers discovered that tens of thousands of devices rely on IP addresses that are public, increasing the risk of a malicious attacker getting access and hacking them.
Researchers also conducted a series of tests and plan to present a case study of these attack techniques at the IEEE Security and Privacy conference later in May. The report also included a case study demonstrating how attackers can potentially hijack a 100kg (220lb) industrial robotic arm.
The experts targeted an ABB IRB140 industrial robot, capable of carrying a payload of up to 6kg, that was programmed to draw a straight line. By exploiting a remote code vulnerability in the robot's controller software, they reverse engineered the RobotWare control programme and RobotStudio software and were able to inject faults and microdefects into the workpiece.
Instead of drawing a straight line, researchers were able to alter the robot's parameters and trick it into drawing a line that was 2mm off. Although this might seem like a miniscule change, the tiniest of defects could be deadly when designing and manufacturing critical pieces of equipment such as parts for planes or cars.
"As far as the robot thinks, it's still drawing a straight line," Mark Nunnikhoven, Vice President of cloud research at Trend Micro, told Forbes. "It's a remote code exploit to change the configuration file, we're not changing the instructions, we're changing what the robot believes to be true about its environment.
"It doesn't sound like much until you remember what the robot is trying to do with this straight line. So if it's on a car manufacturing line, it's trying to do a weld in a straight line, joining two pieces of material together. If it's in pharmaceuticals, it's doing similar things, trying to align different parts for medical devices... a 2mm variance in what should be a straight line could have catastrophic effects downstream."
ABB was notified of the vulnerability and has already fixed the issue in its latest firmware revision.
The report also warned that attackers may target the company itself by keeping track of any altered products and later contacting them and demanding a ransom to reveal which ones were affected.
"If my chassis of my car is no longer as strong as it should be it's going to react differently in an accident," Nunnikhoven said. "If that wing of that aircraft isn't attached the way it should be, that's a really bad thing for flight in general."
An attacker may also control a robot to damage its parts or even cause injuries to the people working closely with them. While an operator may think it is safe to walk, stand or work near the robot when "in that very moment, an attacker is controlling its movements," the report warned.
By hijacking an industrial machine, a malicious actor could force bottlenecks and completely halt the production line. They may even target a particularly critical robot that contains sensitive trade data that could prove valuable on the dark market.
Trend Micro looked at robots made by five major manufacturers - ABB, Mitsubishi, Fanuc, Kawasaki and Yaskawa - and found new vulnerabilities of varying severity across five brands. These included Belden, Digi, Moxa, NetModule and Westermo. Trend said it is in conversations with these manufacturers to secure their machinery, but did not reveal which products were affected or detail the vulnerabilities affecting them.
Given this recent finding, Cesare Garlati, Chief Security Strategist at prpl Foundation, said: "Robots present a great opportunity to automate tasks and make human life more efficient, but equally can present a grave danger to the public if internal security controls are not properly addressed at the development stages.
"The example here is that the Robot is still drawing a straight line. That is what it was programmed to do. However, the consequences, should a robot be infiltrated and hacked, could be calamitous. If on the manufacturing line a hacker could configure new code to adjust certain measurements or rules for the robot, the final product could be compromised and this would potentially endanger the consumer. A prime example could be when manufacturing cars. If this is the road manufacturers want to go down, security at the development stage must be at core when these industrial robots are created. And that goes for all IoT connected devices. If they’re not secure, then they have no business being integrated or introduced to society."