Industrial Robots Are Not Safe From Cyber Attack

The rapid progress of Artificial Intelligence (AI), combined with readily available large data sets, lower prices for sensors and electronics and a steady demand for efficiency,  is paving the way for a c“robot revolution" and millions of industrial robots are predicted to be used in manufacturing around the world very soon.. 

With the impact of the Coronavirus pandemic on human workers, it looks like the time has come for industrial robots to take over factory floors and showcase the suite of benefits they bring to manufacturing.  But similar to remote working for humans, when they are incorrectly set up and poorly secured, industrial robots can be a source of major security issues.

Robots are generally known to automate repetitive tasks and free up valuable time for their human colleagues to take on more complex and creative tasks; the current social distancing measures have built a stronger case for robot use. Industrial robots have a long legacy of assembling everything from heavy automobiles, airplanes, electrical appliances. Now they are demonstrated remarkable versatility and strength in taking over human labor with consistent speed and precision. This highly efficient employee has won over factory owners. The global industrial robot market size is predicted to exceed US$66 billion by 2027.

Since robots are generally connected to networks and programmed via software, they could potentially present entry points for bad actors. Indeed, researchers at Trend Micro have recently discovered vulnerabilities in an app written in proprietary programming language distributed by Swiss-Swedish multinational corporation ABB, which is used to automate industrial machines.

The discovered flaw is the very tool that hackers can leverage on and gain access to networks, exfiltrating valuable files, and sensitive data. 

Trend Micro's researchers also spotted vulnerabilities in the popular open-source software named “Robot Operating System Industrial” or ROS-I. They found a vulnerability that attackers can exploit to interfere with a robot’s movements via a network. By spoofing, an unknown source disguising as a known, trusted source to communicate, network packets, attackers can cause unintended movements or interrupt existing flows of set procedure. This vulnerability found in a ROS-I’s software component was written for Kuka and ABB robots. However, adequately configured safety systems could make it challenging for hackers to succeed.

The report clarified that appropriate measures were taken to deal with the discovered vulnerability. “One was removed by the vendor (ABB) upon our responsible disclosure. The other vulnerabilities fostered a fruitful conversation with ROS-Industrial, which led to the development of some of the mitigation recommendations described,” as written in the report.

Robots are capable of replacing human manufacturing workers and of making companies more productive in the process. In the US, four manufacturing industries account for 70 percent of robots: automakers (38 percent of robots in use), electronics (15 percent), the plastics and chemical industry (10 percent), and metals manufacturers (7 percent).

Trend Micro:     News Scientist:        TechHQ:          MIT:       Interesting Engineering

You Might Also Read:

Some Expert Predictions For Industrial Cyber Security:

 

« Hackers Attack Israel’s Defence Sector
Satellite Communications Need Protection »

Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

MetaCompliance

MetaCompliance

MetaCompliance is a cyber security and compliance organisation that helps transform your company culture and safeguard your data and values.

White & Case

White & Case

White & Case is a global law firm with offices in the Americas, EMEA and Asia-Pacific. Practice areas include Data, Privacy & Cybersecurity.

FireMon

FireMon

FireMon is the only agile network security policy platform for firewalls and cloud security groups providing the fastest way to streamline network security policy management.

Cymulate

Cymulate

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time.

Mirae Technology

Mirae Technology

Mirae Technology, initially a network specialist, has since produced one time password generators for use in the financial sector and become a company specializing in information security.

Finosec

Finosec

Finosec's mission is to change the way information security and cybersecurity are managed in banking.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

LibraSoft

LibraSoft

Librasoft creates solutions to protect information from external and internal threats.

Polymer

Polymer

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

Foretrace

Foretrace

Foretrace aims to prevent, assess, and contain the exposure of customer accounts, domains, and systems to malicious actors.