Researchers have conducted an in-depth analysis of industrial robots in an effort to determine how easy it would be for malicious actors to remotely take control of such machines.
Robots are increasingly present in industrial environments, including in critical sectors, and they are often connected to the outside world, which could make them an easy target for hacker attacks.
On Wednesday, researchers at Trend Micro and the Polytechnic University of Milan released a paper focusing on the cybersecurity risks associated with industrial robots.
During their analysis, experts discovered that a growing number of industrial robots include remote access features designed for monitoring and maintenance. While these features can be useful for operators, they can also introduce serious security risks.
Internet scans conducted using the Shodan, Censys and ZoomEye services showed that some robots are exposed to the Internet via their FTP servers. Experts identified more than two dozen exposed robots in Europe, the United States, East and Southeast Asia, and Australia.
Robots can also be exposed to attacks from the Internet through industrial routers. Researchers discovered more than 80,000 industrial routers, mostly from vendors such as Sierra Wireless (50,000), Moxa (12,000), eWON (6,000) and Westermo (6,000). A majority of these devices are located in the United States, followed by Canada and several European countries.
The problem is that these routers are often misconfigured or affected by vulnerabilities. The security holes identified by experts include outdated software, device information leaks, default credentials or poor authentication, weak transport encryption, and insecure web interfaces.
While the actual robots can cost tens of thousands of dollars and some vendors only provide software and firmware to customers, researchers pointed out that software and firmware is often publicly available, and some manufacturers provide simulators that can be leveraged by hackers to test their attacks.
Researchers described several possible attack scenarios, including ones where the attacker alters the control system or changes calibration to cause the robot to move inaccurately or unexpectedly. An attacker could also tamper with the production logic, manipulate robot status information to trick the operator, and modify the machine’s state.
Robots can be targeted in a wide range of attacks, including to inject faults and microdefects into a product, take control of a machine to cause physical damage or to injure people, cause damage to the production line, and exfiltrate sensitive data. Ransomware attacks are also possible, where the attacker stealthily introduces microdefects in the production chain and then asks for a ransom to reveal which product lots are affected.
Researchers created a setup to demonstrate an actual attack using an IRB140 industrial robot from ABB Robotics:
Trend Micro has notified affected robot and router vendors, but some of them did not seem interested in the company’s findings. The security firm named ABB, eWON and Moxa as the companies that were open to suggestions for making security improvements.
Trend Micro’s research comes shortly after IOActive published a paper describing vulnerabilities in home, business and industrial robots.