It has been estimated that by 2018, approximately 1.3 million industrial robot units – mechanical multi-axis “arms” used for automating various operations – will be employed in factories across the world.
And with the increased complexity and interconnection of industrial and robotic systems, it is high time to make sure that these devices can’t be compromised to adversely impact the quality or availability of the production chain, or endanger the humans that work beside them.
A group of researchers from Politecnico di Milano (POLIMI) and the Trend Micro Forward-Looking Threat Research (FTR) Team have, therefore, taken upon themselves the task to discover the width of the attack surface these complex cyberphysical systems offer to attackers.
Vulnerable software, exposed devices
They have looked at the code base of the software running on robots made by various manufacturers, and at whether they are reachable from the outside (via their FTP servers and exposed industrial routers).
They found outdated software, based on vulnerable OSs and libraries, relying on obsolete or otherwise broken cryptographic libraries, weak authentication systems with default, unchangeable credentials, and not enough patching. They also found a small number of robots but tens of thousands of industrial routers exposed on the Internet.
“An increasing number of industrial robots embed remote access devices already used by the vendor for remote monitoring and maintenance. Such devices are essentially industrial routers, often dubbed ‘service boxes’ by vendors,” they explained.
“Industrial routers provide an interesting attack surface to gain access to a robot controller and other industrial machines. For example, attackers could target a widespread vendor of such appliances whose products are also resold by various robotics original equipment manufacturers (OEMs) as part of their support contracts.”
Possible robot-specific attacks
“Our security analysis revealed that industrial robots must follow three fundamental laws—accurately ‘read’ from the physical world through sensors and ‘write’ (i.e., perform actions) through motors and tools, refuse to execute self-damaging control logic, and most importantly, echo one of the ‘Laws of Robotics’ (devised by Isaac Asimov, a popular science writer) to never harm humans,” the researchers revealed.
“Then, by combining the set of vulnerabilities that we discovered on a real, standard robot installed in our laboratory, we demonstrated how remote attackers can violate such fundamental laws up to the point where they can alter or introduce minor defects in the manufactured product, physically damage the robot, steal industry secrets, or injure humans. We then considered some threat scenarios on how attackers capitalized on these attacks, as in an act of sabotage or a ransomware-like scheme.”
They intentionally did not address approaches in which the attacker has physical access to the device, and stuck to attacks that can be performed by an attacker that manages to communicate with the robot controller over a network connection.
These tactics fall under five broader categories:
- Altering the control-loop parameters or the tampering with calibration parameters (both of which can lead to the robot moving unexpectedly or inaccurately, and to defective products and robot damages)
- Tampering with the production logic (result: defective products)
- Altering the user-perceived robot state or the actual robot state (possible result: operator injuries).
In a whitepaper released today, they detailed an attack they performed against a lab test setup consisting of of ABB’s six-axis IRB140 industrial robot equipped with the widely deployed IRC5 controller, and running RobotWare 5.13.10371 and FlexPendant based on Windows CE.
They have also delineated possible threat scenarios, including industrial sabotage, ransomware attacks, attacks aimed at bringing about physical damage to workers, and sensitive data exfiltration.
Advice for a more secure future
The researchers have set forth a bevy of actionable recommendations for improved security strategies for the industrial robot ecosystem, which can be implemented in the short and long term.
These include the reexamination of current industrial robot cybersecurity and safety standards, the introduction of more system-level hardening features, code and configuration signing, better authentication, security mechanisms for ensuring that human operators can override unexpected or unwanted robot behaviors, and so on.
Some of the vendors they contacted with information about existing vulnerabilities and advice on how to improve security have welcomed the input.
“ABB Robotics stood out in that it readily welcomed suggestions we had to offer and even started working on a response plan that will affect its current product line without losing time,” the researchers noted.