Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
6/29/2017
05:35 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Hacking Factory Robot Arms for Sabotage, Fun & Profit

Black Hat talk will discuss how hackers could take over robotic arms, create micro-defects in products, and open up a new world of subtle blackmail.

Security researchers have been accumulating a trove of breakthrough discoveries on Industrial Internet of Things (IIoT) vulnerabilities and releasing them at the Black Hat Briefings over the last few years - which has certainly helped raise awareness of dangerous flaws in critical infrastructure like power grids and gas pipeline control systems. But there's a lot more to IIoT security than hardening the industrial world against power disruptions.

Next month at Black Hat USA in Las Vegas, a group of researchers will help broaden enterprise security horizons by showing a new use case of how attackers can bridge the cyber world with the physical world by creatively targeting IIoT systems. This time they shifted gears and focused on the factory floor.

In the talk, Breaking the Laws of Robotics: Attacking Industrial Robots, a group of researchers from the Politecnico di Milano in Italy stress-tested the cyber and physical security of computer-controlled robotic arms used worldwide in factories throughout a range of manufacturing scenarios.

The idea was to move beyond the question of whether or not an IIoT device like a robotic arm could be hacked, and instead start looking at scenarios of what could be done with these devices once they're hacked, says Stefano Zanero, one of the researchers. Zanero is associate professor at Politecnico di Milano, as well as a Black Hat review board member.

"We looked at not just the how we can break into that specific arm, because that’s not important, but what are the specific things that an attacker that has broken into a computer in a robotic arm can do that is unique [to] the robotic arm and not another computer," he says.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada, July 22-27, 2017. Click for information on the conference schedule and to register.

The findings transcend the FUD of Cyber 9/11 warnings of yesteryear and will dig into some very realistic scenarios of the kinds of subtle problems attackers could stir up with some simple hacks of IIoT factory systems.  

"For instance, you can modify some parameters that are not commonly touched by developers, and by doing so, you can introduce microdefects in the production of the robot," he says. "So, you can sabotage a production line without that being apparent in any way."

While this kind of sneaky attack could be used to carry out some truly dastardly attacks worthy of a mustache-twirling super-villain - think of supply chains being sabotaged for micro-precision manufacturing to create something like airplane parts - more realistically, it would be used for subtler but still nasty targeted attacks. 

"You can have somebody introduce a defect into production and then blackmail you, saying, 'Okay, so in the last month, your production had a critical defect into it. You're not going to find it out, but you should pay me and we'll tell you what it is,'" he says. "It's not the classic Dr. Doom scenario where you meet the evil supervillain in order to make it happen, but it’s a very, very basic money-oriented scenario that can happen tomorrow.

Related Content:

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
0%
100%
Joe Stanganelli,
User Rank: Ninja
7/4/2017 | 10:32:44 AM
Re: Tech is Tech is Tech
@Christian: You raise excellent points -- and I don't see any of this changing as long as "first to market, first to market, first to market" remains the battle cry of global industry.
Joe Stanganelli
0%
100%
Joe Stanganelli,
User Rank: Ninja
7/4/2017 | 10:31:41 AM
Alternatively, violence
Alternatively, a dastardly hacker who cares less for subtlety and "the long game" could potentially hack into those big yellow robotic arms to cause massive devastation and even hurt people.

Comic book idea: Hacker introduces micro-defect, blackmails company engineer, company engineer pays up, and before company engineer can fix the problem, hacker uses IIoT hack to kill the company engineer. Rinse and repeat.
RetiredUser
0%
100%
RetiredUser,
User Rank: Ninja
6/30/2017 | 12:15:42 PM
Tech is Tech is Tech
Not to get repetitive, but tech is tech is tech.  All I can say to this is that, if you make an electronic device that has parts that can "talk" to other parts, or has an interface that can be "talked" to in any way, and that device controls something, assume it can and will be hacked, cracked, etc.

Hacking {Fill in Your Product} for Sabotage, Fun & Profit should be the very first document written before a product even goes to the Testing team.  The more exploits discovered in Dev the better; putting anything out in Prod (especially manufacturing and hospital robotics) that can be hacked in this first weeks of Production use shows limited concern for the end user, the company as a whole and the industry.

As interesting as all these studies and guidelines are, they all point to the same trend.  That trend is a too-loose security and software methodology and regulatory environment that encourages - no, mandates - more aggressive product security development and risk analysis.

 

 

 
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...