As robots populate factories and plants around the world at a brisk pace, security and safety are often overlooked. Numerous vulnerabilities plague industrial robots as seen in automotive assembly or autonomous transporters (found in larges on-line retailers that tout efficient warehouse fulfillment operations.) Not to be forgotten, Cobots (Collaborative Robots) that work very closely with humans are also included in this list of compromised robots.
Multiple reports have been published that depict the vulnerabilities found in these systems. One report notes that over 50 hacks were found across six different robot platforms using only superficial security audits. Many of the platforms had one or more weaknesses identified such as insecure communications, authentication issues and weak cryptography. A few of the robot manufacturers used open source robot frameworks and libraries as the foundation for their robot systems which contained flaws that left attack vectors exposed.
Robots are typically comprised of multiple systems that communicate internally to each other and externally to other devices across networks on other communication channels. Commands generated from other devices can command the robot to perform various movements to accomplish a task as well as the robot sending commands and data to other devices. Commonly, robot systems are connected using industrial routers and cellular modems which provide web based consoles. The problem with Web consoles is that when they are enabled they provide an incredibly enticing and lucrative attack surface.
So, how is this relevant?
In one of these reports, the authors were able to remotely take control of a robot, modify operating parameters, and falsely indicate the robot was in a “Safe State” when it was not!
This is proof that safety and security are inseparable when assessing robot systems.
Stay tuned for additional blogs in this series and a Free webinar.