Industrial robots are frequently exposed to the internet, creating a security risk in the process, according to new research from Trend Micro.
Of the 83,000 robots researchers found exposed to the public internet, 5,000 had no authentication in place to guard against possible hack attacks.
A report by security researchers at Trend Micro and computer scientists at the Politecnico di Milano (POLIMI) in Italy highlights five attack types (such as altering the robot’s state) which violate the three standard requirements of industrial robots: safety, integrity and accuracy.
For example, a hacker might be able to alter the control system so that the robot moves unexpectedly or inaccurately, at the attacker’s will.
The report (PDF) also uncovered 63 vulnerabilities in these systems.
“The software running on industrial robots is outdated; based on vulnerable OSs and libraries, sometimes relying on obsolete or cryptographic libraries; and have weak authentication systems with default, unchangeable credentials,” the researchers report.
These flaws, if left unaddressed, create a mechanism for hackers to infiltrate, steal from or disrupt industrial control plants. The scope of possible attacks ranges from disrupting the operation of plants through to planting ransomware. Robots sometimes store sensitive data (e.g., source code or information about production schedules and volumes) and this information might be snatched from vulnerable, internet-exposed systems.
Industrial robots are used in many aspects of manufacturing and beyond, from making cars to food production and packaging.
More details of the research are due to be published at the upcoming Institute of Electrical and Electronics Engineers (IEEE) Symposium on Security and Privacy in San Jose, USA, later this month.
Five years ago all this would have come as a nasty shock but these days the security shortcomings of industrial plants are likely to be viewed as a sub-set of the wider IoT problem.
Mocana CTO Dean Weber commented: “The ease by which attackers can make their way into industrial systems underscores the need to secure devices at their core, by embedding defence in the hardware and firmware used to operate things like robotic arms.
“There is simply no way, as this report shows, to stop cybercriminals from finding ways into manufacturing plants and other industrial facilities via the Internet. There are, however, ways to stop intruders from taking control of devices they find,” he added. ®