Industrial robotic systems vulnerable to cyberattacks

Industrial robotic systems are vulnerable to cyberattacks according to research from information technology (IT) security company Trend Micro.


Industrial robotic systems are vulnerable to cyber-attacks, with 83,000 units exposed to the public-facing internet, of which thousands are not protected with authentication, according to research from IT security company Trend Micro.

Trend Micro teamed up with Italian technical university Politecnico di Milano (POLIMI) to examine the attack surface of existing industrial robots.

The researchers demonstrated how an industrial robot could be hacked in laboratory settings using an actual working industrial robot. They said that the robot was representative of a large class of industrial robots because of the architectural commonalities of most modern industrial robots and the existence of strict standards.

Trend Micro said that industrial robots were expected to perform with a high degree of safety, accuracy, and integrity, and that if there is a violation of any of these operational requirements, a cyber attacker could take control of the a robot.

"We found that the software running on industrial robots is outdated; based on vulnerable operating systems and libraries, sometimes relying on obsolete or cryptographic libraries; and have weak authentication systems with default, unchangeable credentials," the security company said.

"Additionally, [we] found tens of thousands industrial devices residing on public IP addresses, which could include exposed industrial robots, further increasing risks that an attacker can access and compromise them," the report added.

It determined five classes of attacks that are possible once an attacker is able to exploit any of the several weaknesses it found in industrial robot architectures and implementations.

The attacks include the ability to alter the control system or make changes to the calibration to make the robot move unexpectedly or inaccurately, at the attacker's will, meaning defective or modified products are produced, or that the robot itself is at risk of being damaged. Attackers could also tamper with the program executed by the robot to introduce defects in the products being made, or manipulate the robot's status so the operator loses control or even gets injured.

Unsurprising results

Overall, some 83,000 devices were found to be exposed to remote attackers, and 5,100 had no authentication in place at all. The report also uncovered 63 vulnerabilities in these systems, giving attackers opportunities to infiltrate, steal and disrupt.

Trend Micro said the vendors—with whom it is working closely—have taken its results very responsibly, showing a positive attitude toward securing the current and future generation of industrial robots.

Ian Hughes, Internet of Things analyst at IT advisory company 451 Research, said the results don't come as a surprise—he said that the number of vulnerabilities and potential security flaws are likely to grow as systems become more interconnected.

"A single production line can have 10,000 compute units making up multiple individual pieces of machinery, without automated security and patching they become vulnerable to both outside attack and insider malicious acts," he said.

On the flip side, connectivity can also provide a solution to many of these security challenges.

"Connectivity does give the chance to identify any components not patched to the highest level and provides opportunities to detect anomalous behavior automatically," he added.

Sooraj Shah is editor at Internet of Business. This article originally appeared on Internet of Business, a CFE Media content partner. Edited by Chris Vavra, production editor, Control Engineering, CFE Media,

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Controller programming; Safety networks; Enclosure design; Power quality; Safety integrity levels; Increasing process efficiency
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Robotic safety, collaboration, standards; DCS migration tips; IT/OT convergence; 2017 Control Engineering Salary and Career Survey
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me