Industrial robot is a growing trend; with statistics pointing to over 1.2 million robots coming to factories globally by 2018. Now imagine the impact of a single, simple software vulnerability and what serious consequences that could result for manufacturers.
For the first time, a collaboration between Politecnico di Milano (POLIMI) and the Trend Micro Forward-Looking Threat Research (FTR) Team, were able to analyze the impact of system-specific attacks and demonstrate attack scenarios on actual standard industrial robots.
While vulnerabilities in protocols and software running industrial robots are widely known, there has been no in-depth, hands-on research to demonstrate that actually the robots can be compromised.
The research team examined robots from ABB, Fanuc, Mitsubishi, Kawasaki and Yaskawa; mostly factories responsible for manufacturing phones, cars and planes, which depend primarily on machines to automatically put these devices together.
And a series of tests conducted by the team disclosed that the factory robots have weak network security.
According to the research, the systems mostly employed simple usernames and passwords that couldn't be changed, while others didn't even require any password.
The machines also have poor software protection, including outdated software, and exposed IP addresses which pose a higher risk of hackers getting easy access.
With the aforementioned security posture of the targeted smart factory, hackers could trigger attacks that would amount to massive financial lose to the company in question or at worst, even affect the critical product lines.
For instance, ABB robots were remotely programmed by reversely-engineering the RobotWare program and the RobotStudio software, allowing the researchers to hack the machine's network and switched it to draw a straight line.
These findings has raised concerns about more general automation in the future. Albeit ABB has since fixed the flaws in its robot's software.
.jpeg)
