Industrial Robots Are Not Safe From Cyber Attack

The rapid progress of Artificial Intelligence (AI), combined with readily available large data sets, lower prices for sensors and electronics and a steady demand for efficiency,  is paving the way for a c“robot revolution" and millions of industrial robots are predicted to be used in manufacturing around the world very soon.. 

With the impact of the Coronavirus pandemic on human workers, it looks like the time has come for industrial robots to take over factory floors and showcase the suite of benefits they bring to manufacturing.  But similar to remote working for humans, when they are incorrectly set up and poorly secured, industrial robots can be a source of major security issues.

Robots are generally known to automate repetitive tasks and free up valuable time for their human colleagues to take on more complex and creative tasks; the current social distancing measures have built a stronger case for robot use. Industrial robots have a long legacy of assembling everything from heavy automobiles, airplanes, electrical appliances. Now they are demonstrated remarkable versatility and strength in taking over human labor with consistent speed and precision. This highly efficient employee has won over factory owners. The global industrial robot market size is predicted to exceed US$66 billion by 2027.

Since robots are generally connected to networks and programmed via software, they could potentially present entry points for bad actors. Indeed, researchers at Trend Micro have recently discovered vulnerabilities in an app written in proprietary programming language distributed by Swiss-Swedish multinational corporation ABB, which is used to automate industrial machines.

The discovered flaw is the very tool that hackers can leverage on and gain access to networks, exfiltrating valuable files, and sensitive data. 

Trend Micro's researchers also spotted vulnerabilities in the popular open-source software named “Robot Operating System Industrial” or ROS-I. They found a vulnerability that attackers can exploit to interfere with a robot’s movements via a network. By spoofing, an unknown source disguising as a known, trusted source to communicate, network packets, attackers can cause unintended movements or interrupt existing flows of set procedure. This vulnerability found in a ROS-I’s software component was written for Kuka and ABB robots. However, adequately configured safety systems could make it challenging for hackers to succeed.

The report clarified that appropriate measures were taken to deal with the discovered vulnerability. “One was removed by the vendor (ABB) upon our responsible disclosure. The other vulnerabilities fostered a fruitful conversation with ROS-Industrial, which led to the development of some of the mitigation recommendations described,” as written in the report.

Robots are capable of replacing human manufacturing workers and of making companies more productive in the process. In the US, four manufacturing industries account for 70 percent of robots: automakers (38 percent of robots in use), electronics (15 percent), the plastics and chemical industry (10 percent), and metals manufacturers (7 percent).

Trend Micro:     News Scientist:        TechHQ:          MIT:       Interesting Engineering

You Might Also Read:

Some Expert Predictions For Industrial Cyber Security:

 

« Hackers Attack Israel’s Defence Sector
Satellite Communications Need Protection »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Information-Technology Promotion Agency (IPA) - Japan

Information-Technology Promotion Agency (IPA) - Japan

IPA is an implementing agency in Japan with a role to address Information Security, IT Systems Reliability and IT Resource Development.

Advantech

Advantech

Advantech is a leader in providing trusted innovative embedded and automation products and solutions. Activities include IoT security.

Robert Bosch Centre for Cyber-Physical Systems (RBCCPS)

Robert Bosch Centre for Cyber-Physical Systems (RBCCPS)

RBCCPS is an interdisciplinary research and academic centre within the Indian Institute of Science focused on research in cyber-physical systems.

InfoGuard

InfoGuard

InfoGuard is a leading Swiss company providing comprehensive cyber security and network solutions.

Conduent

Conduent

Conduent delivers mission-critical technology services and solutions on behalf of businesses and governments. Solution areas include digital risk and compliance.

PatrOwl

PatrOwl

Automate your SecOps with PatrOwl, and start defending your assets efficiently.

Globant

Globant

Globant is an It and software development company. We leverage the latest technologies and methodologies to help organizations transform in every aspect, including software security.

Tromzo

Tromzo

Tromzo's mission is to eliminate the friction between developers and security so you can scale your application security program.

Nomios

Nomios

Nomios develops innovative solutions for your security and network challenges. We design, secure and manage your digital infrastructure.

Digital Edge

Digital Edge

Digital Edge provides unparalleled Managed Cloud Solutions, as well as superior Information Technology Support Services.

GoTo

GoTo

At GoTo we help people and businesses to connect and collaborate simply and securely – from anywhere. We’re the trusted partner for companies of all sizes.

V3 Cybersecurity

V3 Cybersecurity

V3 Cybersecurity is a unique company focused on contextualization of security programs from a business perspective. Our mission is to provide enterprise IT Risk Management capabilities.

ZILLIONe

ZILLIONe

ZILLIONe is one of Sri Lanka´s top enterprise technology solutions providers.

Cura Technology

Cura Technology

Cura Technology offers a wide array of security solutions meticulously designed to address specific facets of your security requirements.

AKIPS

AKIPS

AKIPS develops the world's most scalable network and infrastructure monitoring software, delivered as a turn-key software appliance.

ClearFocus Technologies

ClearFocus Technologies

ClearFocus Technologies provides advanced cybersecurity services that secure our nation’s most sensitive assets.