Assembly line robots vulnerable to hacking
Industrial robots make many of the things that we use in our everyday lives, from cars to domestic appliances.
If the world isn't to descend into chaos therefore, it's imperative that robots follow their programming. But a new report from the TrendLabs research arm of cyber security company Trend Micro reveals just how easily industrial robots can be hacked.
The spread of the industrial Internet of Things makes these devices more vulnerable to hackers. While the robots themselves may not be inherently insecure, the controllers used to operate and program the machines are often connected to the internet, and those connections aren't always properly secured.
Researchers examined industrial robots from five major manufacturers: ABB, Fanuc, Mitsubishi, Kawasaki and Yaskawa. They looked at the feasibility of executing an attack, and at how they could subvert the interaction between a robot and its physical environment. In one specific case, after programming an ABB robot to draw a straight line, the team were able to hack it to draw a line that was two millimetres off from the one it was originally programmed to draw.
According to Federico Maggi, Senior Threat Researcher at TrendLabs,
An increasing number of industrial robots embed remote access devices (sometimes called "service boxes") already used by the vendor for remote monitoring and maintenance. These devices are essentially industrial routers because they allow remote users to connect to a robot as if they were on a local network.
Industrial routers provide an interesting attack surface for gaining access to a robot controller and other industrial machines. For example, attackers could target a widespread vendor of such appliances whose products are also resold by various robotics OEMs as part of their support contracts.
When the vulnerability was disclosed to ABB the company responded quickly to fix the security holes that were found. Trend Micro is in talks with the other manufacturers that had robots tested about securing their equipment too.
You can find out more on the TrendLabs blog.