As serious concerns over the safety and security of Internet of Things (IoT) devices continue to mount, researchers have discovered that industrial robots can be remotely hacked to cause potentially devastating damage. Researchers at security firm Trend Micro and Italy's Politecnico Milano found that many internet-connected industrial machines run on outdated software or have poor software protection.
In a research paper titled "Rogue Robots: Testing the Limits of an Industrial Robot's Security", experts said they discovered various security vulnerabilities that hackers can exploit to pull off a wide rage of attacks. Researchers found more than 80,000 industrial routers used to control robots were exposed, 5000 of which had no authentication requirements.
While some industrial devices have weak authentication systems with default passwords or none at all, researchers discovered that tens of thousands of devices rely on IP addresses that are public, increasing the risk of a malicious attacker getting access and hacking them.
Researchers also conducted a series of tests and plan to present a case study of these attack techniques at the IEEE Security and Privacy conference later in May. The report also included a case study demonstrating how attackers can potentially hijack a 220-pound industrial robotic arm.
The experts targeted an ABB IRB140 industrial robot, capable of carrying a payload of up to 6kg, that was programmed to draw a straight line. By exploiting a remote code vulnerability in the robot's controller software, they reverse engineered the RobotWare control program and RobotStudio software and were able to inject faults and microdefects into the workpiece.
Instead of drawing a straight line, researchers were able to alter the robot's parameters and trick it into drawing a line that was 2mm off. Although this might seem like a miniscule change, the tiniest of defects could be deadly when designing and manufacturing critical pieces of equipment such as parts for planes or cars.
"As far as the robot thinks, it's still drawing a straight line," Mark Nunnikhoven, VP of cloud research at Trend Micro, told Forbes. "It's a remote code exploit to change the configuration file, we're not changing the instructions, we're changing what the robot believes to be true about its environment.
"It doesn't sound like much until you remember what the robot is trying to do with this straight line. So if it's on a car manufacturing line, it's trying to do a weld in a straight line, joining two pieces of material together. If it's in pharmaceuticals, it's doing similar things, trying to align different parts for medical devices... a 2mm variance in what should be a straight line could have catastrophic effects downstream."
ABB was notified of the vulnerability and has already fixed the issue in its latest firmware revision.
The report also warned that attackers may target the company itself by keeping track of any altered products and later contacting them and demanding a ransom to reveal which ones were affected.
"If my chassis of my car is no longer as strong as it should be it's going to react differently in an accident," Nunnikhoven said. "If that wing of that aircraft isn't attached the way it should be, that's a really bad thing for flight in general."
An attacker may also control a robot to damage its parts or even cause injuries to the people working closely with them. While an operator may think it is safe to walk, stand or work near the robot when "in that very moment, an attacker is controlling its movements," the report warned.
By hijacking an industrial machine, a malicious actor could force bottlenecks and completely halt the production line. They may even target a particularly critical robot that contains sensitive trade data that could prove valuable on the dark market.
Trend Micro looked at robots made by five major manufacturers - ABB, Mitsubishi, Fanuc, Kawasaki and Yaskawa - and found new vulnerabilities of varying severity across five brands. These included Belden, Digi, Moxa, NetModule and Westermo. Trend said it is in conversations with these manufacturers to secure their machinery, but did not reveal which products were affected or detail the vulnerabilities affecting them.