Industrial Robots Are Not Safe From Cyber Attack

The rapid progress of Artificial Intelligence (AI), combined with readily available large data sets, lower prices for sensors and electronics and a steady demand for efficiency,  is paving the way for a c“robot revolution" and millions of industrial robots are predicted to be used in manufacturing around the world very soon.. 

With the impact of the Coronavirus pandemic on human workers, it looks like the time has come for industrial robots to take over factory floors and showcase the suite of benefits they bring to manufacturing.  But similar to remote working for humans, when they are incorrectly set up and poorly secured, industrial robots can be a source of major security issues.

Robots are generally known to automate repetitive tasks and free up valuable time for their human colleagues to take on more complex and creative tasks; the current social distancing measures have built a stronger case for robot use. Industrial robots have a long legacy of assembling everything from heavy automobiles, airplanes, electrical appliances. Now they are demonstrated remarkable versatility and strength in taking over human labor with consistent speed and precision. This highly efficient employee has won over factory owners. The global industrial robot market size is predicted to exceed US$66 billion by 2027.

Since robots are generally connected to networks and programmed via software, they could potentially present entry points for bad actors. Indeed, researchers at Trend Micro have recently discovered vulnerabilities in an app written in proprietary programming language distributed by Swiss-Swedish multinational corporation ABB, which is used to automate industrial machines.

The discovered flaw is the very tool that hackers can leverage on and gain access to networks, exfiltrating valuable files, and sensitive data. 

Trend Micro's researchers also spotted vulnerabilities in the popular open-source software named “Robot Operating System Industrial” or ROS-I. They found a vulnerability that attackers can exploit to interfere with a robot’s movements via a network. By spoofing, an unknown source disguising as a known, trusted source to communicate, network packets, attackers can cause unintended movements or interrupt existing flows of set procedure. This vulnerability found in a ROS-I’s software component was written for Kuka and ABB robots. However, adequately configured safety systems could make it challenging for hackers to succeed.

The report clarified that appropriate measures were taken to deal with the discovered vulnerability. “One was removed by the vendor (ABB) upon our responsible disclosure. The other vulnerabilities fostered a fruitful conversation with ROS-Industrial, which led to the development of some of the mitigation recommendations described,” as written in the report.

Robots are capable of replacing human manufacturing workers and of making companies more productive in the process. In the US, four manufacturing industries account for 70 percent of robots: automakers (38 percent of robots in use), electronics (15 percent), the plastics and chemical industry (10 percent), and metals manufacturers (7 percent).

Trend Micro:     News Scientist:        TechHQ:          MIT:       Interesting Engineering

You Might Also Read:

Some Expert Predictions For Industrial Cyber Security:

 

« Hackers Attack Israel’s Defence Sector
Satellite Communications Need Protection »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Minerva Labs

Minerva Labs

Minerva’s patent pending solution keeps malware in a constant sleep state before it can infiltrate your network and cause any damage.

Hexatrust

Hexatrust

The HEXATRUST club was founded by a group of French SMEs that are complementary players with expertise in information security systems, cybersecurity, cloud confidence and digital trust.

CultureAI

CultureAI

CultureAI deliver intelligent cyber security awareness education and tools that build resilient security cultures where employees help defend.

Trusted CI

Trusted CI

Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities.

SECFORCE

SECFORCE

SECFORCE is a leading information security consultancy specialising in bespoke penetration testing and red team engagements.

Aigner Business Solutions

Aigner Business Solutions

Aigner Business Solutions GmbH is a specialist in IT-Security and Data Protection. Concise and focussed.

SoloKeys

SoloKeys

SoloKeys provides the first open-source FIDO2 security key: Protect your online accounts against unauthorized access by using the most secure login method.

SecurelyShare Software

SecurelyShare Software

SecurelyShare Software is a security software company, specializing in data security, data privacy and data governance.

Coretelligent

Coretelligent

Coretelligent is a leading providers of Managed and Co-Managed IT, cybersecurity and private cloud services.

Cyber Tzar

Cyber Tzar

Cyber Tzar is a new approach at dealing with an old problem; assessing and managing risks to your IT estate.

CyberloQ Technologies

CyberloQ Technologies

CyberloQ Secure is a cybersecurity solution that enables clients to implement highly robust Multi-Factor Authentication (MFA) that includes client-defined location-based geofencing constraints.

Knownsec

Knownsec

Knownsec provides customers with cloud defense, cloud monitoring, and cloud mapping products and services with "AI + security big data" as the underlying capability.

Technation

Technation

Technation proudly represents the Canadian technology companies that are furthering our nation and the world into the future through innovation, creativity and ingenuity.

Quotient

Quotient

Quotient builds digital experiences that empower and inspire the American people by understanding their needs, simplifying complex technical solutions and adapting to how they work, live and learn.

ClearFocus Technologies

ClearFocus Technologies

ClearFocus Technologies provides advanced cybersecurity services that secure our nation’s most sensitive assets.

Xcede

Xcede

Xcede are global technology recruitment specialists. We connect companies with exceptional professionals who empower growth.