Industrial Robots Are Not Safe From Cyber Attack

Uploaded on 2020-08-24 in FREE TO VIEW, BUSINESS-Production-Manufacturing

The rapid progress of Artificial Intelligence (AI), combined with readily available large data sets, lower prices for sensors and electronics and a steady demand for efficiency,  is paving the way for a c“robot revolution" and millions of industrial robots are predicted to be used in manufacturing around the world very soon.. 

With the impact of the Coronavirus pandemic on human workers, it looks like the time has come for industrial robots to take over factory floors and showcase the suite of benefits they bring to manufacturing.  But similar to remote working for humans, when they are incorrectly set up and poorly secured, industrial robots can be a source of major security issues.

Robots are generally known to automate repetitive tasks and free up valuable time for their human colleagues to take on more complex and creative tasks; the current social distancing measures have built a stronger case for robot use. Industrial robots have a long legacy of assembling everything from heavy automobiles, airplanes, electrical appliances. Now they are demonstrated remarkable versatility and strength in taking over human labor with consistent speed and precision. This highly efficient employee has won over factory owners. The global industrial robot market size is predicted to exceed US$66 billion by 2027.

Since robots are generally connected to networks and programmed via software, they could potentially present entry points for bad actors. Indeed, researchers at Trend Micro have recently discovered vulnerabilities in an app written in proprietary programming language distributed by Swiss-Swedish multinational corporation ABB, which is used to automate industrial machines.

The discovered flaw is the very tool that hackers can leverage on and gain access to networks, exfiltrating valuable files, and sensitive data. 

Trend Micro's researchers also spotted vulnerabilities in the popular open-source software named “Robot Operating System Industrial” or ROS-I. They found a vulnerability that attackers can exploit to interfere with a robot’s movements via a network. By spoofing, an unknown source disguising as a known, trusted source to communicate, network packets, attackers can cause unintended movements or interrupt existing flows of set procedure. This vulnerability found in a ROS-I’s software component was written for Kuka and ABB robots. However, adequately configured safety systems could make it challenging for hackers to succeed.

The report clarified that appropriate measures were taken to deal with the discovered vulnerability. “One was removed by the vendor (ABB) upon our responsible disclosure. The other vulnerabilities fostered a fruitful conversation with ROS-Industrial, which led to the development of some of the mitigation recommendations described,” as written in the report.

Robots are capable of replacing human manufacturing workers and of making companies more productive in the process. In the US, four manufacturing industries account for 70 percent of robots: automakers (38 percent of robots in use), electronics (15 percent), the plastics and chemical industry (10 percent), and metals manufacturers (7 percent).

Trend Micro:     News Scientist:        TechHQ:          MIT:       Interesting Engineering

You Might Also Read:

Some Expert Predictions For Industrial Cyber Security:

 

« Hackers Attack Israel’s Defence Sector
Satellite Communications Need Protection »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Aptive Consulting

Aptive Consulting

Aptive is a cyber security consultancy providing Penetration Testing and Vulnerability Assessment services.

Foundation Futuristic Technologies (FFT)

Foundation Futuristic Technologies (FFT)

FFT is a global leader in computer forensics and digital investigation solutions.

Cybercrypt

Cybercrypt

Cybercrypt is a world leading system provider in robust cryptography. Protecting critical assets, applications and sensitive data.

Egis Technology

Egis Technology

Egis specializes in the IC design, research and development, and the testing and sales of capacitive fingerprint sensor.

Versa Networks

Versa Networks

Versa is a software-defined networking vendor providing an end-to-end solution that both simplifies and secures the WAN/branch office network.

United Security Providers

United Security Providers

United Security Providers is a leading specialist in information security, protecting IT infrastructures and applications for companies with high demands on security.

Forensic Pathways

Forensic Pathways

Forensic Pathways focus on the provision of digital forensic technologies, offering clients unique technologies in the management of mobile phone data, image analysis and ballistics analysis.

Wiser Market

Wiser Market

Wiser Market is a leading company in global online brand protection services, intellectual property protection, anti-Counterfeit & trademark infringements.

CyberCyte

CyberCyte

CyberCyte provides a disruptive built-in integrated physical, network and perimeter security solution framework.

Activu

Activu

Activu makes any information visible, collaborative, and proactive for people tasked with monitoring critical operations including network security.

Anvilogic

Anvilogic

Anvilogic provides a unifying experience for security professionals aimed at providing improved visibility, enrichment, and context across hundreds of alerting datasets and security tools.

Krista Software

Krista Software

Krista is an intelligent automation platform that combines iPaaS and Conversational AI to automate complete business processes across your teams and apps.

SalvageData Recovery Services

SalvageData Recovery Services

Since 2003, SalvageData has been providing high-quality data recovery with the certifications needed to work with any storage media manufacturer.

CBIT Digital Forensics Services (CDFS)

CBIT Digital Forensics Services (CDFS)

CDFS is Australia’s premier supplier of digital forensic tools, industry-embedded training and certification to Law Enforcement, Government, and Corporate Enterprise.

Lithuanian Cyber Command (LTCYBERCOM)

Lithuanian Cyber Command (LTCYBERCOM)

The Lithuanian Cyber Command is responsible for planning and execution of operations in cyberspace and installation of strategic and operational communications and information systems.

Trustlink Technologies

Trustlink Technologies

Trustlink Technologies is an information technology company founded with a steadfast vision to fortify the digital landscapes of businesses through a foundation of trust.