Rogue Robots - Testing the Limits of an Industrial Robot’s Security

Industrial robots are mechanical devices that can be programmed in a very flexible way to perform basically any kind of task. For this reason they're used practically in all industry sectors (e.g., automotive, aerospace, food, and even entertaining and movie making).

In our research, a collaboration between Politecnico di Milano and Trend Micro, we show a series of attacks that are specific to industrial robots. At the base of all these attacks is the lack of isolation between the various subsystems that make the robot work. So, for example, if an attacker manages to compromise the industrial router that connects the robot to the Internet, there are no isolation mechanisms enabled by default. From that moment on, the attacker can manipulate the robot at their will. In this video, we show a demo of a robot that we programmed to draw a simple straight line (in a real-world case, a welding robot could for example follow a straight line to attach two car parts together).

What you'll see in the video is the program code that drives the robot's movements. As a result of such program, the robot draws a perfectly straight line. In the second phase of the demo, we run the very same program, but this time, the attacker has launched an attack to alter the robot's configuration parameters, in a way that is invisible to the operator. The result is that the line is a couple of millimeters off track. So, modulo quality control, an attacker could be able to silently alter the quality of the manufactured goods, and maybe some months later they could come back to the manufacturer with a ransom request, telling them "hey, I've altered 1,000 cars in your production line, you either recall your last lot, or you pay me to know which ones I've altered." This is clearly just an example: in our research we describe other attacks and other scenarios.

For more details, you can read our dedicated web page [1], go through the slides of our Black Hat US Briefings talk [2], read the technical report [3] or the academic paper about this research [4].

[1] www.trendmicro.com/vinfo/us/security/news/internet…
[2] www.blackhat.com/us-17/briefings.html#breaking-the…
[3] documents.trendmicro.com/assets/wp/wp-industrial-r…
[4] robosec.org/downloads/paper-robosec-sp-2017.pdf