Trend Micro Report reveals threats of Industrial Robot’s Security
Trend Micro, in its latest research report, “Rogue Robots: Testing the Limits of an Industrial Robot’s Security”, suggested ways to fix Hackable Industrial Robots to build a more secure future for the Fourth Industrial Revolution (Industry 4.0). The report analyzes how easily an industrial-grade robot could be actually “hacked”, besides demonstrating for the first time how robots can be compromised, while putting spotlight on the security and vulnerability of industrial robots.
The research was conducted with the collaboration of Trend Micro’s Forward-looking Threat Research (FTR) team and researchers from the Politecnico di Milano (POLIMI) in Italy.
“Trend Micro researchers were able to determine five classes of attacks that are possible once an attacker is able to exploit any of the several weaknesses that we found in industrial robot architectures and implementations. The vendors, with whom Trend Micro is working closely, have taken the results very responsibly, showing a positive attitude toward securing the current and future generation of industrial robots. We hope that research like this will help to kick-start that process and develop a more secure Industry 4.0,” said Nilesh Jain, Country Manager (India and SAARC), Trend Micro. He further added, “The research report details various threat scenarios, ranging from physical damage and sabotage to ransomware and even exfiltration of sensitive data from the factory network. A holistic effort requiring input from all stakeholders, including cybersecurity standards makers, software developers, vendors, and network defenders, is necessary. This goes way beyond merely improving the quality of embedded software.”
As disclosed in the report, the problem is that, as these systems get smarter and more interconnected, their attack surface has grown. Web services also allow external software or devices to “speak” with their robot controller via HTTP requests, while new APIs allow humans to control robots through smartphone apps. Even robot app stores have begun to spring up. Some industrial robots are even reachable directly from the public internet to allow for remote monitoring and maintenance.
Operating an industrial robot requires several parts working together properly. Industrial robots are expected to perform with a high degree of safety, accuracy, and integrity. Any violation of these operational requirements, if initiated through a digital attack, can allow a cyber-attacker to take control of a robot. In Trend Micro’s comprehensive security analysis, the researchers were able to analyze the impact of system-specific attacks and demonstrate attack scenarios on actual standard industrial robots in a controlled environment of laboratory setting. The demonstration showed how remote attackers can alter or introduce minor defects in the manufactured product, physically damage the robot, steal industry secrets, or injure humans. As per the Trend Micro’s analysis, researchers discovered different ways that make industrial robots vulnerable – from the usage of outdated software and weak authentication, to exposure due to the usage of public IPs, vulnerable OSs and libraries, obsolete or cryptographic libraries; and weak authentication systems with default, unchangeable credentials.
According to the findings of Trend Micro FTR Team, approximately 83,673 devices are exposed to remote attackers, and 5105 devices had no authentication leading to unrestricted access using anonymous credentials. In accordance with Censys, ZoomEye, and Shodan search results, these industrial devices reside on public IP addresses, which could include exposed industrial robots, further increasing risks that an attacker can access and compromise them. And according to Trend Micro’s research, the US leads the world in having the largest volume of machines exposed to the internet in this way.
The approximate determines, there will be 1.3 million of them in factories globally by 2018, carrying out a range of tasks in a wide variety of industries – everything from welding and packaging to food processing and die-casting. These systems are needed to support Industry 4.0, a new wave of innovation based around automation and smart factories, which could transform society alike the first steam engines did in the late 18th century.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.