Industrial robotics security is really, really terrible

Researchers from Politecnico di Milano and Trend Micro conducted an audit of the information security design of commonly used industrial robots and found that these devices are extremely insecure: robots could be easily reprogrammed to violate their safety parameters, both by distorting the robots' ability to move accurately and by changing the movements the robots attempt to perform; hacked robots can also be made to perform movements with more force than is safe; normal safety measures that limit speed and force can be disabled; robots can be made to falsify their own telemetry, fooling human operators; emergency manual override switches can be disabled or hidden; robots can be silently switched from manual to automatic operation, making them move suddenly and forcefully while dangerously close to oblivious, trusting humans; and of course, robots can be caused to manufacture faulty goods that have to be remanufactured or scrapped.

All of this is possible because industrial robotic control systems lack even the most basic security -- instead of cryptographically hashing passwords, they store them in the clear (with a single, deterministic XOR operation to provide a useless hurdle against hackers); controllers expose an FTP process during bootup that accepts new firmware loads without authentication; network-level commands are not encrypted or signed; controllers use hardcoded usernames and passwords; memory corruption attacks are easy and devastating; the runtimes for the control instructions are poorly isolated from other processes -- the paper goes on and on.

Industrial robots epitomize all the problems of the Internet of Shit -- operators who have little or no security expertise, a lack of easy updating, and lazy, sloppy design. But whereas killing someone with the Internet of Shit involves things like turning off the heat in February in Minnesota, industrial robots are giant, barely constrained killing machines.

We explored, theoretically and experimentally, the challenges and impacts of the security of modern industrial robots. We built an attacker model, and showed how an attacker can compromise a robot controller and gain full control of the robot, altering the production process. We explored the potential impacts of such attacks and experimentally evaluated the resilience of a widespread model of industrial robot (representative of a de facto standard architecture) against cyber attacks. We then discussed the domain-specific barriers that make smooth adoption of countermeasures a challenging task.

Interesting future research directions include exploring multi-robot deployments, co-bots, and the safety and security implications of the adoption of wireless connections. Also, an improved survey would produce statistically significant results. We definitely plan to analyze controllers from other vendors, to further confirm the generality of our approach.

An Experimental Security Analysis of an Industrial Robot Controller [Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea Maria Zanchettin, and Stefano Zanero/Industrial Robots Security]

(via 4 Short Links)