Industrial robots and other automated manufacturing machines are vulnerable to advanced hackers, a reality that could lead to them being controlled remotely and result in data breaches, new research suggests.
Modern manufacturing relies heavily on industrial robots and other automated machines. Used in the production of everything from aeroplanes to smartphones, these robots and machines have become core features in smart factories all over the world. But despite the numerous benefits they afford, some are not without their drawbacks, especially when it comes to cybersecurity.
According to a new report entitled ‘Rogue Automation: Vulnerable and Malicious Code in Industrial Programming’, many industrial robots and automated machines run on outdated, proprietary programming languages that have design flaws which make them insecure.
Compiled by Trend Micro, a multinational cybersecurity and defense company, and Politecnico di Milano, the largest technical university in Italy, the report outlines how advanced hackers could exploit vulnerabilities in Internet-connected industrial robots and automated machines to disrupt production lines and/or steal intellectual property.
The research also highlights how the industrial automation world may not be in a position to detect and prevent such exploitation from occurring. One reason for this is that some of the programming languages used to power many industrial robots were developed decades ago and are highly customised, making fixing the vulnerabilities that exist within them much more difficult.
Vulnerabilities revealed through reverse engineering
In the report, the researchers outline how they stumbled across something they had never seen before: an app store run by ABB — one of the world’s largest industrial robot-makers — for heavy industrial machines, including robots.
The apps in the store were written in ABB’s proprietary programming language, RAPID. The researchers downloaded and reverse engineered some of the apps to see if they contained vulnerabilities that could be exploited. One of the apps for ABB robots did, leaving it vulnerable to being hacked.
In this video, a Trend Micro researcher shows how an industrial robot could be taken over by an advanced hacker and have its movements controlled.
The vulnerabilities related to ABB have since been acknowledged and solved by the company.
In light of the research, Trend Micro has worked closely with The Robotic Operating System Industrial Consortium to establish recommendations to reduce the exploitability of the issues identified. The recommendations can be found in the full report: ‘Rogue Automation: Vulnerable and Malicious Code in Industrial Programming‘.
The results of the Trend Micro research were presented at Black Hat USA on August 5. The research will also be discussed at the ACM ASIACCS conference in October in Taipei.
*Header image courtesy of Deposit Photos