Hacking Factory Robot Arms for Sabotage, Fun & ...

Network Computing Dark Reading

Advertise

About Us

Oldest First | Newest First | Threaded View

[close this box]

100%

RetiredUser,
User Rank: Ninja
6/30/2017 | 12:15:42 PM

Tech is Tech is Tech

Not to get repetitive, but tech is tech is tech. All I can say to this is that, if you make an electronic device that has parts that can "talk" to other parts, or has an interface that can be "talked" to in any way, and that device controls something, assume it can and will be hacked, cracked, etc.

Hacking {Fill in Your Product} for Sabotage, Fun & Profit should be the very first document written before a product even goes to the Testing team. The more exploits discovered in Dev the better; putting anything out in Prod (especially manufacturing and hospital robotics) that can be hacked in this first weeks of Production use shows limited concern for the end user, the company as a whole and the industry.

As interesting as all these studies and guidelines are, they all point to the same trend. That trend is a too-loose security and software methodology and regulatory environment that encourages - no, mandates - more aggressive product security development and risk analysis.

Reply | Post Message | Messages List | Start a Board

100%

Joe Stanganelli,
User Rank: Ninja
7/4/2017 | 10:31:41 AM

Alternatively, violence

Alternatively, a dastardly hacker who cares less for subtlety and "the long game" could potentially hack into those big yellow robotic arms to cause massive devastation and even hurt people.

Comic book idea: Hacker introduces micro-defect, blackmails company engineer, company engineer pays up, and before company engineer can fix the problem, hacker uses IIoT hack to kill the company engineer. Rinse and repeat.

Reply | Post Message | Messages List | Start a Board

100%

Joe Stanganelli,
User Rank: Ninja
7/4/2017 | 10:32:44 AM

Re: Tech is Tech is Tech

@Christian: You raise excellent points -- and I don't see any of this changing as long as "first to market, first to market, first to market" remains the battle cry of global industry.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

How to Better Secure Your Microsoft 365 Environment

Kelly Sheridan, Staff Editor, Dark Reading, 1/25/2021

Many Cybersecurity Job Candidates Are Subpar, While On-the-Job Training Falls Short

Robert Lemos, Contributing Writer, 1/27/2021

Attackers Leave Stolen Credentials Searchable on Google

Kelly Sheridan, Staff Editor, Dark Reading, 1/21/2021

Webinars

Securing and Monitoring Networks in the 'New Normal'

What We Can Learn from Sports Analytics

How Elite Analyst Teams are Transforming Security with Cyber Reconnaissance

Webinar Archives

White Papers

A Technical Deep Dive on Software Exploits

Centralized Security Policy Management Across Hybrid Cloud Environments Should be an Obvious Strategy

5 Steps to Zero Trust in the Data Center

The Value of Threat Intelligence with DomainTools: Identify Threats 82% Faster

The Essential Guide to Securing Remote Access

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today's Enterprises

COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-3142
PUBLISHED: 2021-01-28

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 instead of this candidate. All references and descriptions in this candidate have been removed to preve...

CVE-2020-35124
PUBLISHED: 2021-01-28

A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.

CVE-2020-25782
PUBLISHED: 2021-01-28

An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling.

CVE-2020-25783
PUBLISHED: 2021-01-28

An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling.

CVE-2020-25784
PUBLISHED: 2021-01-28

An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]