Industrial Robots Are Not Safe From Cyber Attack

Uploaded on 2020-08-24 in FREE TO VIEW, BUSINESS-Production-Manufacturing

The rapid progress of Artificial Intelligence (AI), combined with readily available large data sets, lower prices for sensors and electronics and a steady demand for efficiency,  is paving the way for a c“robot revolution" and millions of industrial robots are predicted to be used in manufacturing around the world very soon.. 

With the impact of the Coronavirus pandemic on human workers, it looks like the time has come for industrial robots to take over factory floors and showcase the suite of benefits they bring to manufacturing.  But similar to remote working for humans, when they are incorrectly set up and poorly secured, industrial robots can be a source of major security issues.

Robots are generally known to automate repetitive tasks and free up valuable time for their human colleagues to take on more complex and creative tasks; the current social distancing measures have built a stronger case for robot use. Industrial robots have a long legacy of assembling everything from heavy automobiles, airplanes, electrical appliances. Now they are demonstrated remarkable versatility and strength in taking over human labor with consistent speed and precision. This highly efficient employee has won over factory owners. The global industrial robot market size is predicted to exceed US$66 billion by 2027.

Since robots are generally connected to networks and programmed via software, they could potentially present entry points for bad actors. Indeed, researchers at Trend Micro have recently discovered vulnerabilities in an app written in proprietary programming language distributed by Swiss-Swedish multinational corporation ABB, which is used to automate industrial machines.

The discovered flaw is the very tool that hackers can leverage on and gain access to networks, exfiltrating valuable files, and sensitive data. 

Trend Micro's researchers also spotted vulnerabilities in the popular open-source software named “Robot Operating System Industrial” or ROS-I. They found a vulnerability that attackers can exploit to interfere with a robot’s movements via a network. By spoofing, an unknown source disguising as a known, trusted source to communicate, network packets, attackers can cause unintended movements or interrupt existing flows of set procedure. This vulnerability found in a ROS-I’s software component was written for Kuka and ABB robots. However, adequately configured safety systems could make it challenging for hackers to succeed.

The report clarified that appropriate measures were taken to deal with the discovered vulnerability. “One was removed by the vendor (ABB) upon our responsible disclosure. The other vulnerabilities fostered a fruitful conversation with ROS-Industrial, which led to the development of some of the mitigation recommendations described,” as written in the report.

Robots are capable of replacing human manufacturing workers and of making companies more productive in the process. In the US, four manufacturing industries account for 70 percent of robots: automakers (38 percent of robots in use), electronics (15 percent), the plastics and chemical industry (10 percent), and metals manufacturers (7 percent).

Trend Micro:     News Scientist:        TechHQ:          MIT:       Interesting Engineering

You Might Also Read:

Some Expert Predictions For Industrial Cyber Security:

 

« Hackers Attack Israel’s Defence Sector
Satellite Communications Need Protection »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Pyramid Computer

Pyramid Computer

Pyramid Computer provides custom enterprise solutions for Industrial PC, Imaging, Network, Security, POS, Indoor Positioning and Automation.

WireX Systems

WireX Systems

WireX is an innovative network intelligence and forensics company that is changing the way businesses resolve cyber-attacks.

NNIT

NNIT

NNIT​ is one of Denmark’s leading consultancies in IT development, implementation and operations, including cyber security.

Span

Span

Span designs, develops and maintains information systems based on advanced technological solutions of global IT leaders.

Brighter AI

Brighter AI

Brighter AI empowers companies to use publicly-recorded camera data for analytics & AI while being compliant with increasing data privacy regulations worldwide.

Gorodissky IP Security

Gorodissky IP Security

Gorodissky IP Security is a comprehensive approach to protecting your intellectual property on the Internet and beyond.

ThreatModeler

ThreatModeler

ThreatModeler is an automated threat modeling solution that fortifies an enterprise’s Software Development Lifecycle by identifying, predicting and defining threats.

Open Systems

Open Systems

Open Systems is a Secure Access Service Edge (SASE) pioneer delivering a complete solution to network and security.

Quintillion Consulting

Quintillion Consulting

Quintillion Consulting is a strategic risk based consulting firm. We help companies safeguard the core business and IT capabilities that deliver competitive advantage.

Speedinvest

Speedinvest

Speedinvest is one of Europe’s most active early-stage investors with a focus on Deep Tech, Fintech, Industrial Tech, Network Effects, and Digital Health.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

Hadrian

Hadrian

Hadrian is modernizing offensive security practices with automation, making them faster and more scalable. Equipped with the hacker’s perspective, companies can now know what their critical risks are.

SignalFire

SignalFire

SignalFire invest across both enterprise and consumer sectors at the seed and early growth stages.

Ipstack

Ipstack

Ipstack offers one of the leading IP to geolocation APIs and global IP database services worldwide. Protect your site and web application by detecting proxies, crawlers or tor users at first glance.

Globesecure Technologies

Globesecure Technologies

Globesecure Technologies is a networks and cyber security company. We are here to resolve business security challenges and secure the digital transformation journey of our clients.