The trend of cyberattacks is at its peak, impacting every possible sector. The Automation industry may also be at risk. Trend Micro has researched this serious issue and given us a deeper understanding of how it works.
Rogue Robots: Testing the Limits of an Industrial Robot’s Security is the title of Trend Micro’s newest research paper. The study examines how easily an industrial-grade robot may truly be “hacked,” shows for the first time how robots can be compromised and make recommendations for how the Fourth Industrial Revolution can move toward a more secure future (Industry 4.0). Researchers from the Politecnico di Milano (POLIMI) in Italy and Trend Micro’s Forward-looking Threat Research (FTR) team collaborated on this study.
The study focuses on the safety and susceptibility of industrial robots. Industrial robots are expected to become more complicated and networked due to the Industry 4.0 revolution, making them vulnerable to assault. Industrial robots can become vulnerable in a variety of ways, according to Trend Micro’s analysis, including the use of outdated software, weak authentication, exposure due to the use of public IP addresses, vulnerable OSs and libraries, outdated or cryptographic libraries, and weak authentication systems with fixed, unchangeable credentials.
The Trend Micro FTR Team discovered about 83,673 devices vulnerable to remote attackers, and 5105 lacked authentication, allowing unlimited access with anonymous credentials. According to search results from Censys, ZoomEye, and Shodan, these industrial equipment are located on public IP addresses, which may include exposed industrial robots. This raises the possibility that attackers may get access to and hack them. The US tops the globe in having the most computers that are thus manner connected to the internet, according to research from Trend Micro.
Several components must work well together for an industrial robot to operate. Industrial robots must function with high integrity, accuracy, and safety. A cyber-attacker may seize control of a robot if any of these operating conditions are violated, especially if a digital attack brought about the infringement. The experts at Trend Micro were able to show attack scenarios on real standard industrial robots in a controlled lab environment and examine the effects of system-specific attacks in their thorough security investigation. The presentation illustrated how remote attackers might alter or add small flaws in the manufactured product, harm the robot physically, steal trade secrets, or hurt people.
Researchers from Trend Micro identified five different types of assaults that may be launched once an attacker successfully exploits one of the many flaws we discovered in the implementations and architectures of industrial robots. The vendors with which Trend Micro collaborates closely have acted responsibly in light of the findings and have a good outlook on protecting the present and upcoming generations of industrial robots. The development of a more secure Industry 4.0 is something we hope studies like this will contribute to, said Mr. Nilesh Jain, Country Manager (India and SAARC), Trend Micro.
The issue is that as these systems become smarter and more linked, their attack surface has increased, as the paper reveals. While new APIs allow people to control robots through smartphone apps, web services let external software or devices “talk” with their robot controller via HTTP queries. Even robot app stores are starting to appear. Some industrial robots can even be accessed directly from the internet for remote monitoring and maintenance.
By 2018, it is predicted that there will be 1.3 million of them working in factories worldwide, performing various jobs in a wide range of industries, including die-casting, welding, and packaging. These technologies are essential to the development of Industry 4.0, a new wave of innovation centred on automation and smart factories that have the potential to revolutionize civilization in a manner comparable to the early steam engines in the late 18th century.
