Mechanically, industrial robots may look like an arm with two or more joints terminated by an end effector that interacts with the environment. But they are ultimately complex cyber-physical systems (CPSs) that include multiple mechanical actuators, controllers, sensors, networks and remote robot controllers, complex programming, and human interaction devices.
Like all industrial devices, robots are designed according to strict physical security and safety standards to work in rough conditions with extreme temperatures, vibrations, and electromagnetic noise. The inherent complexities of industrial robots open up novel opportunities for remote or local cyber attackers.
Any software vulnerability in the devices, therefore, can have serious consequences, ranging from the simple compromise of controlling machines to massive financial damages and even damages to critical goods or production chains.
Industrial robots were originally conceived to be isolated. Today, they have evolved and are physically connected to a corporate network or the Internet via a controller that controls their operations, and its subsystems through which operators interact (e.g., joysticks, switches, or I/O and diagnostic ports).
These interconnections expose the systems to a world of cyber-attacks and vulnerabilities. Exploiting these vulnerabilities, remote or local cyber attackers can violate the “Laws of Robotics” to a point where they alter or introduce minor defects in the manufactured product, disrupt operations, physically damage the robot, steal industry secrets, or injure human operators.
Researchers have already found a large number of such vulnerabilities in industrial robots used by large and mid-sized enterprises in sectors like automotive, aerospace, defense, pharmaceutical, packaging and palletizing, distribution centers, etc. Those vulnerabilities include unsecured networks, weak authentication, naive cryptography, memory corruption, missing code signing, poor runtime isolation, etc.
In this post, we will explain four common robot-specific cyber attacks under normal circumstances.
1. Altering the control-loop parameters
In this attack, an attacker gains access to the kinematics and configuration file and modifies the parameters to alter the control system, causing an extreme modification or violation of functional and safety requirements. As a result of this servo-motor-level attack, the robot begins to move unexpectedly or inaccurately.
To ensure that the robots closely follow the desired trajectory, the manufacturers adopt closed-loop control detuning techniques such as PID and PIV to make the controlled variable follow as closely as possible a reference signal. Through tuning, the controller slowly perfects the values of its parameters and reaches the desired position.
Speed and position are controlled by open-loop control parameters. This means that any change in the configuration will directly and immediately affect the output. An attacker who tampers with these parameters can cause controller instability, frequent overshoots, violations of safety properties, and mechanical stresses that could induce robot breakage.
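The overshoot described above can be seen in a small simulation. This is an added example, not code from the original post: it models one joint as a unit inertia under a PD position loop (a simplification of the PID/PIV loops mentioned above), compares the step response for commissioned gains with one whose damping gain has been changed, and adds a load-time check that rejects gains outside a tolerance of the commissioned values. The plant model, gain values and tolerance are assumptions chosen for illustration.

```python
"""Added illustration: step response of one simulated joint under a PD position loop."""

# Assumed commissioned gains for a unit-inertia joint (illustrative values).
COMMISSIONED = {"kp": 100.0, "kd": 24.0}
TOLERANCE = 0.10  # assumed: accept at most 10 % deviation from commissioning


def step_overshoot(kp, kd, target=1.0, dt=0.001, seconds=5.0):
    """Simulate a step to `target` and return peak overshoot as a fraction of it."""
    pos, vel, peak = 0.0, 0.0, 0.0
    for _ in range(int(seconds / dt)):
        torque = kp * (target - pos) - kd * vel  # PD control law
        vel += torque * dt                       # unit inertia: accel == torque
        pos += vel * dt                          # semi-implicit Euler step
        peak = max(peak, pos)
    return max(0.0, (peak - target) / target)


def gains_within_tolerance(loaded, baseline=COMMISSIONED, tol=TOLERANCE):
    """Return the names of gains that are missing or deviate too far from baseline."""
    bad = []
    for name, ref in baseline.items():
        value = loaded.get(name)
        if not isinstance(value, (int, float)) or abs(value - ref) > tol * abs(ref):
            bad.append(name)
    return bad


if __name__ == "__main__":
    tampered = {"kp": 100.0, "kd": 2.0}  # constructed sample: damping term reduced
    for label, gains in (("commissioned", COMMISSIONED), ("tampered", tampered)):
        print(label, "overshoot: %.1f%%" % (100 * step_overshoot(**gains)),
              "rejected gains:", gains_within_tolerance(gains))
```

A controller that refuses to start when `gains_within_tolerance` returns a non-empty list turns a silent parameter change into a visible fault.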
2. Tampering with calibration parameters
When the robot is connected to a controller for the first time, its sensing equipment needs calibration. The controller uses the calibration data to determine the precise axis positions and to compensate for errors when triggering servo motors. The attacker targets the calibration parameters and changes the sensory processing and knowledge model levels, causing the robot to move unexpectedly or inaccurately.
3. Tampering with the production logic
This refers to the manipulation of the functional model, such as the task program that embeds the production logic. Using an authentication-bypass vulnerability, the attacker can leverage a file system to arbitrarily alter the program executed by the robot to stealthily introduce a flaw that could insert small defects, modify a workpiece, or fully compromise a company’s manufacturing process.
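The first three attacks all depend on silently changing a file the controller trusts: the configuration file, the calibration data, or the task program. One defensive check, shown here as an added example that is not from the original post, is to verify those files against an authenticated manifest before loading them. The file names, file contents and key are constructed for the demonstration, and HMAC-SHA256 with a shared key stands in for whatever signing scheme a real controller would use.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def build_manifest(root, key):
    """Hash every file under `root` and authenticate the list with HMAC-SHA256."""
    digests = {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
               for p in sorted(Path(root).rglob("*")) if p.is_file()}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"files": digests, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify(root, manifest, key):
    """Return a list of findings; an empty list means the files match the manifest."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return ["manifest: MAC mismatch"]
    current = build_manifest(root, key)["files"]
    findings = []
    for name in sorted(set(current) | set(manifest["files"])):
        if name not in current:
            findings.append(f"{name}: missing")
        elif name not in manifest["files"]:
            findings.append(f"{name}: unexpected file")
        elif current[name] != manifest["files"][name]:
            findings.append(f"{name}: modified")
    return findings


def demo():
    """Constructed sample: three hypothetical files, then one is altered."""
    key = b"constructed-demo-key"  # assumed to sit in protected storage in practice
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in (("control.cfg", "kp=100\nkd=24\n"),
                           ("calibration.dat", "axis1_offset=0.0031\n"),
                           ("task.prog", "MOVE P1\nMOVE P2\n")):
            Path(tmp, name).write_text(text)
        manifest = build_manifest(tmp, key)
        clean = verify(tmp, manifest, key)
        Path(tmp, "calibration.dat").write_text("axis1_offset=0.0100\n")
        return clean, verify(tmp, manifest, key)


if __name__ == "__main__":
    print(demo())
```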
4. Altering the robot status
It is mandatory that the operator interface provide real-time information about all safety-critical conditions like operational mode (manual/automatic) and motor state (on/off). Most operator interfaces are software, without any electrical components. Any interference in the user interface (UI) can hide or change the true robot status, fooling operators into making wrong risk evaluations and creating a substantial safety hazard. Similar dangers can occur if an attacker manipulates the true status of the robot.
Some of the common robot components that can cause vulnerabilities are:
- USB port
- Ethernet: LAN service port
- LAN port
- Wireless access to remote service facilities
- WAN access to non-firewalled LAN port
- WAN access to remote service facilities
Let’s sum up. Industrial robot standards emphasize safety requirements for all industrial robots, such as emergency stopping functions, e-stop features, pendant controls, speed bounds, etc. Sadly, these standards do not explicitly consider cybersecurity threats and their possible impacts. Some safety standards, however, have mild security implications without explicitly accounting for adversarial control. Therefore, we recommend that these standards should be reexamined to ensure a secure architecture to prevent robot-specific cyber attacks, without sacrificing robot functionalities.