It’s becoming increasingly apparent that industrial robots can be hacked and the potential for catastrophe is real. Today, researchers from Trend Micro and Politecnico di Milano hammered home the point with a proof-of-concept hack in which they remotely controlled a robotic arm drawing up designs for a drone.
While the hack doesn’t look particularly shocking – an ABB IRB140 industrial robot set up to draw a straight line is altered so it’s a few millimetres off – the impact could be significant, Trend Micro researchers warned. For instance, if an entire factory’s output is wasted because robots had been secretly tweaked to produce faulty goods, millions could be lost. Worse, parts for planes or cars could be changed as to become dangerous if put out into the real world.
In their scenario, the researchers attacked an ABB robot that was designing a 3D-printed drone rotor, injecting “microdefects” by remotely changing a configuration file; they didn’t tinker with the program code. “Taken to the extreme, however, should microdefects successfully evade detection by a vendor’s multiple checks and depending on the nature of the goods themselves, injury or fatality could occur,” the researchers warned in their report.
“As far as the robot thinks, it’s still drawing a straight line,” Mark Nunnikhoven, vice president of cloud research at Trend Micro, told Forbes. “It’s a remote code exploit to change the configuration file, we’re not changing the instructions, we’re changing what the robot believes to be true about its environment.
“It doesn’t sound like much until you remember what the robot is trying to do with this straight line. So if it’s on a car manufacturing line, it’s trying to do a weld in a straight line, joining two pieces of material together. If it’s in pharmaceuticals, it’s doing similar things, trying to align different parts for medical devices… a 2mm variance in what should be a straight line could have catastrophic effects downstream.
“If my chassis of my car is no longer as strong as it should be it’s going to react differently in an accident. If that wing of that aircraft isn’t attached the way it should be, that’s a really bad thing for flight in general.”
In other attacks, the researchers were able to alter the status information displayed on the remote control for the ABB robot in an attempt to trick its owner into believing it was in a safe mode. “The operator thinks it is safe to walk or stand near the robot even if in that very moment, an attacker is controlling its movements,” the report read.
ABB wasn’t the only vendor whose products were deemed vulnerable. Seven weaknesses of varying magnitude were uncovered across five manufacturers involved in hardware, software and networking for robots: Belden, Digi, Moxa, NetModule and Westermo. Trend isn’t revealing what products are affected by which vulnerabilities as the researchers continue to push for patches.
ABB was proactive in responding, according to the report, and a patch preventing the demonstrated attack was now available. The firm had not responded to a request for comment at the time of publication.
Digi was the only one of the six manufacturers to provide comment. But the company said it was not aware of any warning from Trend researchers. “Digi is reaching out to Trend Micro to understand the specifics of what they claim they uncovered and to address any issues,” a spokesperson said.
80,000 robots ‘exposed’
Just last month, security consultancy IOActive discovered more than 50 vulnerabilities across a wide range of home and industrial robots, including those from Rethink Robotics, maker of the the famous Baxter and Sawyer models. (Those issues were patched, Rethink said at the time). Again, they found manifold remotely exploitable issues that could have left the machines open to remote attack.
Such hacks are possible because tens of thousands of robots are accessible on the internet. Using tools like Shodan to search for such connected machines, Trend and Politecnico di Milano researchers discovered more than 80,000 industrial robots were exposed.
“The challenge there, as we know from other industries and other examples, is that when you connect things to the internet, bad things are now possible,” Nunnikhoven added. “Good things are possible, like remotely checking the status of your factory from halfway across the planet or updating things in real time, but this attack we demonstrated is remotely executable and if you have an internet connection, you’d be able to pull this off.”
Source: SANS ISC SecNewsFeed @ May 3, 2017 at 07:12AM