Earlier this month, computer-security firm Trend Micro, in collaboration with researchers at Polytechnic University of Milan, released a report titled, “Rogue Robots.” No, they weren’t writing about the threat of runaway artificial intelligence or Terminator-like “killer robots.” Rather, they were exploring how malevolent hackers might compromise various kinds of industrial robots, whose number is expected to reach 2.6 million units worldwide by 2019.
The dangers of industrial robots to factory workers have long been well appreciated, which is why most of these machines operate in cages designed to keep people out of harm’s way. But increasingly industrial robots are being designed to work alongside human workers, and such collaborative robots, or cobots, could present unique safety issues should their software be compromised.
The threats that a hacked industrial robot represent go beyond safety concerns, though. There’s the obvious worry about industrial sabotage. That software can do real damage to industrial machinery was well demonstrated by Stuxnet, a cyberweapon that observers believe the U.S. and Israeli governments created to disable the centrifuges Iran was using to enrich uranium.
The Trend Micro report highlights the possibility that imperceptible changes could be introduced into the operation of industrial robots, leading to subtle defects in the goods being produced. This would leave manufacturers open to blackmail—much like the victims of the recent WannaCry ransomware exploit—and the bad guys might demand, “Give us the bitcoin we’re asking for, and we’ll let you know which lot numbers have the faulty brake components.”[shortcode ieee-pullquote quote=""Industrial robots—originally conceived to be isolated—have evolved and are now exposed to corporate networks and the Internet . . . We were looking for connected robots from the top vendors and found several ones, some of which even provided unrestricted access using anonymous credentials (i.e., the authentication system was disabled)."" float="right" expand=1]
For the most part, the kinds of vulnerabilities the report describes sound pretty familiar. Some of this equipment come with default authentication credentials, which users might not be diligent about changing. The report’s authors write, “[G]iven that most consumer-level routers nowadays come with randomized credentials, we believe that industry-grade devices should follow the same sane approach.” They also say that much of the software running these machines is not properly updated and patched to remove known software vulnerabilities. And the developers producing this code are often a little slipshod when it comes to protecting against hackers, failing sometimes to adopt straightforward measures like code-signing for firmware upgrades.
All of that, worrisome as it is, seemed a little predictable to me. What came as much more of a surprise was the extent to which these industrial robots are connected to the Internet. I would have thought that great pains would always be taken to keep them isolated. When I dabbled in CNC work in my garage several years ago, I was careful to keep my router-toting robot off the Internet for the sake of safety. But apparently that’s not the case in industry these days.
“Indeed, industrial robots—originally conceived to be isolated—have evolved and are now exposed to corporate networks and the Internet,” write the report’s authors, who examined scans of the Internet and easily found many examples of connected industrial robots. “We were looking for connected robots from the top vendors . . . and found several ones, some of which even provided unrestricted access using anonymous credentials (i.e., the authentication system was disabled).”
Another eye-opener for me was learning that “[s]ome vendors implement safety features such as emergency stop (e-stop) buttons in software.” I certainly wouldn’t want to go anywhere near a powerful robot of any sort that didn’t have its big red button connected pretty darn directly to its power source.
I have to wonder, though, whether the report’s authors are being a little alarmist here. I would imagine that any industrial robot must have a hardware emergency shutoff positioned close at hand, perhaps supplemented with software buttons that, all being well, can also be used to stop the robot’s motion. But maybe I’m underestimating people’s willingness to trust software, now that it’s become so deeply baked into our lives.
David Schneider is a senior editor at IEEE Spectrum. His beat focuses on computing, and he contributes frequently to Spectrum's Hands On column. He holds a bachelor's degree in geology from Yale, a master's in engineering from UC Berkeley, and a doctorate in geology from Columbia.