Whether it is smart phone manufacturing, car-making or the food and beverage sector, factories around the world are already equipped with robots and other automated technologies. So how much of a threat is the possibility of these robots being hacked?

Could Your Robot Be Spying on You? - Cybersecurity Tips for Manufacturers Employing Robotics
Could Your Robot Be Spying on You? - Cybersecurity Tips for Manufacturers Employing Robotics

Claudia Jarrett, US Country Manager | EU Automation

Researcher led by the National University of Singapore recently demonstrated that household robot vacuum cleaners can be hacked to behave like listening devices, which spy on their unsuspecting owners. Could industrial robots be similarly compromised? Here, Claudia Jarrett, US country manager at automation parts supplier EU Automation, assesses the risks for industrial robots.

Hackers have exploited LiDAR (Light Detection And Ranging) scanner technology, as used in the latest iPhone, to turn a household vacuum cleaner into a spying device. If that’s not sinister enough, elsewhere, in an experimental stunt, a friendly-looking humanoid robot was hacked to act like Chucky, the evil killer doll from the Child’s Play movies. A video shows the robot attacking a tomato while emitting an evil laugh.

The latter experiment was designed to demonstrate the vulnerabilities of technologies that can be hacked in an increasingly-connected world. While these robots were too small to cause direct physical harm, the same cannot be said for industrial robots. If a hacker were able to override these safety protocols, there would be potential to cause serious harm to workers in the factories that use them.

These hacks may not even be visible to the naked eye. They could entail making smaller and subtler adjustments to the commands or parameters of a robot, rendering an entire product line defective through the insertion of microdefects. Another example is that, aside from physical risks, industrial robots can be hacked to steal trade secrets or other commercially sensitive data.

Whether it is smart phone manufacturing, car-making or the food and beverage sector, factories around the world are already equipped with robots and other automated technologies. So how much of a threat is the possibility of these robots being hacked —and what can manufacturers do about it?

 

Assessing the threat

For industrial robots, the priority has always been making sure they are safe to operate around humans. While issues of cyber security in industrial robots have been neglected in the past, the same techniques that researchers have used to expose vulnerabilities in consumer robotics have proved just as effective in industrial settings.

Hackers typically use scanners to survey Internet of Things (IoT) devices for weaknesses. Vulnerabilities might include usernames and passwords unchanged from the factory defaults, or glitches in the software that can be discovered through reverse engineering. It’s less the robots themselves, and rather the growing reliance on connectivity and IoT devices that increases the vulnerability. 

Hacking a small humanoid robot to act like an evil Chucky doll is one thing. But researchers from the cybersecurity firm IOActive took it a step further, pulling-off a similar feats with industrial robots. They were able to hack an industrial robot arm made by Universal Robotics, overriding the safety protocols of the machine.

In another prominent example, Trend Micro discovered flaws in software produced by ABB. The Rogue Automation report details how researchers encountered an app store created by ABB. By downloading and reverse engineering the apps, they were able to pinpoint a vulnerability and exfiltrate sensitive data. ABB has since fixed the issue.

Open source software is becoming increasing popular — including in industrial applications  — but it’s a double-edged sword. On the one hand, open source software allows an army of well-intentioned computer geeks to spot and resolve any potential vulnerabilities or glitches. On the other, it means those with less benign intentions can exploit the same vulnerabilities, if they get there first.

To demonstrate this, Trend Micro’s researchers used their scanner to search for flaws in the popular open source software, Robot Operating System Industrial (Ros-I). Ros-I was first adapted for ABB by Kuka. In doing so, they found flaws in the software component for Kuka and ABB robots that allowed hackers to interfere with the movements of the robots. Users can rest assured the vulnerability no longer exists.

 

Preparing for the future

Results like these are worrying and offer a warning that manufacturers and regulatory authorities must change their approach. In future, cybersecurity will require more focus, as more and more devices are connected to the IoT. 

But what does this focus entail? Sensible manufacturers can continue to exploit the benefits of automation, but must also observe the basics of cyber health. That means downloading and installing the latest software and patches, as well as educating staff on the latest precautions for cyber security.

In the above examples, as with the evil Chucky doll, the hackers needed access to a local network or, at least, the ability to tamper with it. Securing these local networks will be key and, in some instances, it’s simply a case of updating the passwords and usernames from the default factory settings. 

It might be the case that newer devices are more vulnerable. Tried-and-tested robots or other automated devices are more likely to have had their security flaws discovered and resolved — such as in the example with Kuka and ABB. The risk with these machines is that their components become obsolete, but partnering with a reliable automation parts supplier such as EU Automation will allow manufacturers to continue relying upon the tech they trust, whether that’s new or obsolete equipment.

 
The content & opinions in this article are the author’s and do not necessarily represent the views of RoboticsTomorrow

Comments (0)

This post does not have any comments. Be the first to leave a comment below.


Post A Comment

You must be logged in before you can post a comment. Login now.

Featured Product

The ERT150 - Dorner’s Next Evolution of Edge Roller Technology Conveyors

The ERT150 - Dorner's Next Evolution of Edge Roller Technology Conveyors

The next evolution in Dorner's Edge Roller Technology conveyor platform, the ERT®150, is ideal for small and light-load assembly automation, as well as medical and medical-device assembly application. The ERT platform is the only pallet conveyor of its kind available with an ISO Standard Class 4 rating for cleanroom applications. Earning the ISO Standard 14644-1 Class 4 rating means Dorner's ERT150 will conform and not contribute to the contamination of cleanrooms to those standards. As implied by its name, the ERT150 (Edge Roller Technology) uses rollers to move pallets through the conveyor smoothly with no friction (a byproduct often seen in belt-driven platforms). The conveyor's open design eliminates concerns of small parts or screws dropping into rollers and causing conveyor damage or jamming. The ERT150 is suited to operate in cleanroom environments requiring a pallet handling conveyor. It is capable of zoning for no or low-back pressure accumulation and is ideal for automation assembly applications within industries including medical devices, electronics, consumer goods among others.