Text Size:A- A+

Milan: Industrial robots are now being used to assemble everything from airplanes to smartphones, using human-like arms to mechanically repeat the same processes over and over, thousands of times a day with nanometric precision.

But according to a new report entitled Rogue Automation, some robots have flaws that could make them vulnerable to advanced hackers, who could steal data or alter a robots movements remotely, like a scene out of science fiction.

Attacks on industrial environments in these sectors could have serious consequences, including operational failure, physical damage, environmental harm and injury or loss of life, according toFederico Maggi, a researcher at Trend Micro Inc., and Marcello Pogliani, an information security researcher at Politecnico di Milano, in a research report reviewed by Bloomberg News. The report will be presented Wednesday at a virtual forum organized by Black Hat, which hosts cybersecurity events around the world.

Robots are often connected to networks and run via software, according to the report, and previously unknown vulnerabilities could allow hackers to hide malicious code in them and other automated, programmable manufacturing machines. The researcher found flaws in software produced and distributed by the Swedish-Swiss multinational ABB Ltd, one among worlds largest industrial robot maker. They also found other vulnerabilities in one of industrys most popular open-source software called Robot Operating System Industrial, or Ros-I, adapted for ABB and for Kuka AG, a German robot maker.

Maggi and Pogliani said two years ago they stumbled upon something we had never seen before, an app store run by ABB for heavy industrial machines including robots. The apps were written in ABBs proprietary programming language used to automate industrial machines, the types of robots used to assemble cars or handle processed food. They downloaded and reverse engineered some of the apps to figure out how they worked and discovered a vulnerability in one of the apps for ABB robots just the type of thing a hacker could exploit, they said.

The flaw would have allowed an attacker on the network to exfiltrate any files from the robot controller, including potentially sensitive data. ABBs app store itself also had a vulnerability, according to the researchers. Hackers could upload apps from the store by bypassing validation procedures and making them immediately available to the public even if still pending approval, the researchers said.

Industrial secrets are traded for very high prices in underground marketplaces and have become one of the main targets of cyber warfare operations, the paper said. A vulnerability scanner designed by the researchers discovered another class of flaws into a Ros-Is software component for Kuka and ABB robots that could have allowed an attacker to interfere with robots movements, according to the report.

We are deeply grateful to our readers & viewers for their time, trust and subscriptions.

Quality journalism is expensive and needs readers to pay for it. Your support will define our work and ThePrints future.

SUBSCRIBE NOW

Vulnerabilities related to ABB have been acknowledged and solved by the company while flaws found into Ros-I software have been mitigated by Ros consortium and confirmed by the U.S. Cybersecurity & Infrastructure Security Agency, also known as CISA.

A spokesman for ABB said the company has fixed the concerns in the Trend Micro tests, which helped us provide greater security for equipment in the market. There is no indication of data exfiltration nor any customers affected by it, he added.

A spokeswoman for Kuka said Ros-I is an open source project, not developed by Kuka and not part of our portfolio. Universities and research institutes decide whether they want to integrate Ros-I via the interface themselves, she added.

Industrial robots are a fast-growing area in the industrial sector, with historical growth rates exceeding 20% in unit terms, with an annual value of $16 billion based on International Federation of Robotics data. Even as Chinas foray into the robots is slowing and the sector may see a decline in 2020, long-term fundamentals remain largely intact, driven by factors such as aging demographics and demand for quality, Bloomberg Intelligence analyst Mustafa Okur said. Bloomberg

Also read: Post Covid, its not a bad idea to have robots and machines replace humans at some jobs

Subscribe to our channels on YouTube & Telegram

News media is in a crisis & only you can fix it

You are reading this because you value good, intelligent and objective journalism. We thank you for your time and your trust.

You also know that the news media is facing an unprecedented crisis. It is likely that you are also hearing of the brutal layoffs and pay-cuts hitting the industry. There are many reasons why the medias economics is broken. But a big one is that good people are not yet paying enough for good journalism.

We have a newsroom filled with talented young reporters. We also have the countrys most robust editing and fact-checking team, finest news photographers and video professionals. We are building Indias most ambitious and energetic news platform. And we arent even three yet.

At ThePrint, we invest in quality journalists. We pay them fairly and on time even in this difficult period. As you may have noticed, we do not flinch from spending whatever it takes to make sure our reporters reach where the story is. Our stellar coronavirus coverage is a good example. You can check some of it here.

This comes with a sizable cost. For us to continue bringing quality journalism, we need readers like you to pay for it. Because the advertising market is broken too.

If you think we deserve your support, do join us in this endeavour to strengthen fair, free, courageous, and questioning journalism, please click on the link below. Your support will define our journalism, and ThePrints future. It will take just a few seconds of your time.

Support Our Journalism

See the rest here:

Its not science fiction. Robots running industrial world can be hacked, remote-controlled - ThePrint