Industrial robotics security is really, really terrible


Researchers from Politecnico di Milano and Trend Micro conducted an audit of the information security design of commonly used industrial robots and found that these devices are extremely insecure: robots could be easily reprogrammed to violate their safety parameters, both by distorting the robots' ability to move accurately and by changing the movements the robots attempt to perform; hacked robots can also be made to perform movements with more force than is safe; normal safety measures that limit speed and force can be disabled; robots can be made to falsify their own telemetry, fooling human operators; emergency manual override switches can be disabled or hidden; robots can be silently switched from manual to automatic operation, making them move suddenly and forcefully while dangerously close to oblivious, trusting humans; and of course, robots can be caused to manufacture faulty goods that have to be remanufactured or scrapped.

All of this is possible because industrial robotic control systems lack even the most basic security — instead of cryptographically hashing passwords, they store them in the clear (with a single, deterministic XOR operation to provide a useless hurdle against hackers); controllers expose an FTP process during bootup that accepts new firmware loads without authentication; network-level commands are not encrypted or signed; controllers use hardcoded usernames and passwords; memory corruption attacks are easy and devastating; the runtimes for the control instructions are poorly isolated from other processes — the paper goes on and on.

Industrial robots epitomize all the problems of the Internet of Shit — operators who have little or no security expertise, a lack of easy updating, and lazy, sloppy design. But whereas killing someone with the Internet of Shit involves things like turning off the heat in February in Minnesota, industrial robots are giant, barely constrained killing machines.

We explored, theoretically and experimentally, the challenges
and impacts of the security of modern industrial robots.
We built an attacker model, and showed how an attacker
can compromise a robot controller and gain full control of
the robot, altering the production process. We explored the
potential impacts of such attacks and experimentally evaluated
the resilience of a widespread model of industrial robot (representative
of a de facto standard architecture) against cyber
attacks. We then discussed the domain-specific barriers that
make smooth adoption of countermeasures a challenging task.

Interesting future research directions include exploring
multi-robot deployments, co-bots, and the safety and security
implications of the adoption of wireless connections. Also, an
improved survey would produce statistically significant results.
We definitely plan to analyze controllers from other vendors,
to further confirm the generality of our approach.


An Experimental Security Analysis
of an Industrial Robot Controller
[Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea Maria Zanchettin, and Stefano Zanero/Industrial Robots Security]

(via 4 Short Links)