Researchers at the Polytechnic University of Milan and cybersecurity firm Trend Micro have analyzed some of the most popular industrial programming languages and showed how they can open the door to attacks against robots and other programmable manufacturing machines. They have developed a worm to demonstrate the severity of their findings.
The researchers analyzed programming languages from ABB, Comau, Denso, Fanuc, Kawasaki, Kuka, Mitsubishi, and Universal Robots, which can be used to create custom applications that enable industrial robots to carry out complex automation routines.
The experts looked at 100 open source automation programs developed with these languages and discovered vulnerabilities in many of them, including flaws that could allow a hacker to control or disrupt a robot. They pointed out that while some of the code they analyzed may not be used in production, some of it originated from technical materials that are likely to be used by beginner programmers, and it’s not uncommon for open source code to make its way into final products.
A majority of the studied programming languages have been around for a long time and migrating to a different technology would be a difficult and expensive task for many organizations.
One of the vulnerabilities found by the researchers affected a web server created in ABB’s Rapid language. An attacker with access to the network hosting the targeted robot controller could have exploited the security hole to obtain sensitive information, including intellectual property, without authentication. ABB removed the vulnerable app from its RobotStudio store after being alerted.
In another example shared by Trend Micro, an open source app written for Kuka robots was affected by a vulnerability that could have been exploited to spoof network packets and control the robot’s movements, potentially causing physical damage or disrupting the production process if safety systems were not deployed or configured properly.
In addition to vulnerabilities in the apps developed with the analyzed programming languages, researchers discovered design flaws that can be exploited to hide malicious functionality in industrial robots and even create self-spreading malware.
Learn more about vulnerabilities in industrial systems at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series
All of the analyzed languages have communication functionality that enables apps to send and receive data to and from external systems. Some of them also allow applications to access low-level system resources, including file system access and the ability to load and execute code.
All this functionality enables an attacker to create powerful malware. For example, a sophisticated hacker could make small changes to the code running on a robot to fetch malicious code from a remote location and execute it.
A proof-of-concept (PoC) malware developed by the researchers using one of the legacy programming languages can automatically spread in the compromised environment like a worm and exfiltrate valuable data from devices, while allowing the attackers to remotely control their creation.
According to the researchers, these types of attacks are most likely to be launched by a well-resourced attacker — setting up a small lab to conduct experimental attacks on industrial robots can cost between $20,000 and $250,000 — who has specific knowledge of the targeted organization.
“It is impractical to fix these design flaws because legacy programming environments cannot be easily replaced. Not only have they become critical for current industrial automation, but the strong technology lock-in makes every switch very expensive. Consequently, despite the existence of newer alternatives, the big players behind the leading platforms still dominate the market. Switching away from their platforms is simply uneconomical,” Trend Micro wrote in its report.
Trend Micro and the Robotic Operating System (ROS) Industrial Consortium have shared some recommendations for reducing the risk of attacks and the security firm has also created a tool that organizations can use to identify vulnerabilities and malware.
This is not the first time Trend Micro and the Polytechnic University of Milan have analyzed the security of industrial robots. Back in 2017, they showed how malicious actors could target industrial robots, and earlier this year they published an analysis of the possible entry points and attacks for targeting smart manufacturing environments.
Related: Industrial Robotics – Are You Increasing Your Cybersecurity Risk?
Related: Researchers Demo Remote Hacking of Industrial Cobots