CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Industrial Robots Vulnerable to Remote Hacker Attacks

Industrial robots vulnerable to hacker attacks

Industrial robots vulnerable to hacker attacks

Researchers have conducted an in-depth analysis of industrial robots in an effort to determine how easy it would be for malicious actors to remotely take control of such machines.

Robots are increasingly present in industrial environments, including in critical sectors, and they are often connected to the outside world, which could make them an easy target for hacker attacks.

On Wednesday, researchers at Trend Micro and the Polytechnic University of Milan released a paper focusing on the cybersecurity risks associated with industrial robots.

During their analysis, experts discovered that a growing number of industrial robots include remote access features designed for monitoring and maintenance. While these features can be useful for operators, they can also introduce serious security risks.

Internet scans conducted using the Shodan, Censys and ZoomEye services showed that some robots are exposed to the Internet via their FTP servers. Experts identified more than two dozen exposed robots in Europe, the United States, East and Southeast Asia, and Australia.

Robots can also be exposed to attacks from the Internet through industrial routers. Researchers discovered more than 80,000 industrial routers, mostly from vendors such as Sierra Wireless (50,000), Moxa (12,000), eWON (6,000) and Westermo (6,000). A majority of these devices are located in the United States, followed by Canada and several European countries.

The problem is that these routers are often misconfigured or affected by vulnerabilities. The security holes identified by experts include outdated software, device information leaks, default credentials or poor authentication, weak transport encryption, and insecure web interfaces.

While the actual robots can cost tens of thousands of dollars and some vendors only provide software and firmware to customers, researchers pointed out that software and firmware is often publicly available, and some manufacturers provide simulators that can be leveraged by hackers to test their attacks.

Advertisement. Scroll to continue reading.

Researchers described several possible attack scenarios, including ones where the attacker alters the control system or changes calibration to cause the robot to move inaccurately or unexpectedly. An attacker could also tamper with the production logic, manipulate robot status information to trick the operator, and modify the machine’s state.

Robots can be targeted in a wide range of attacks, including to inject faults and microdefects into a product, take control of a machine to cause physical damage or to injure people, cause damage to the production line, and exfiltrate sensitive data. Ransomware attacks are also possible, where the attacker stealthily introduces microdefects in the production chain and then asks for a ransom to reveal which product lots are affected.

Researchers created a setup to demonstrate an actual attack using an IRB140 industrial robot from ABB Robotics:

Trend Micro has notified affected robot and router vendors, but some of them did not seem interested in the company’s findings. The security firm named ABB, eWON and Moxa as the companies that were open to suggestions for making security improvements.

Trend Micro’s research comes shortly after IOActive published a paper describing vulnerabilities in home, business and industrial robots.

Related: Study Shows Exposure of Critical Sectors, ICS in U.S.

Related: Non-Targeted Malware Hits 3,000 Industrial Sites a Year

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.