Hackers Are Remotely Controlling Industrial Robots Now
Security researchers have found multiple vulnerabilities into a specific model of robot arm used in factories.
Image: Federico Maggi
Drawing a perfectly straight line sounds like the kind of job a robot should easily be able to do. But if hackers can manipulate its commands, what should be a straight line becomes a bungled, weirdly-shaped infinity symbol.
While that might seem like a hack with trivial consequences, imagine if that robot is responsible for wielding engine parts. Then, such a mistake could actually cause major malfunctions in the product the robot is helping manufacture, potentially leading to serious damages and, perhaps, even harm to humans.
A group of security researchers has demonstrated that such an attack is possible, hacking the IRB 140 industrial robot arm manufactured by ABB, a Swedish-Swiss company that sells products for the utility, transportation and infrastructure industries. The researchers showed how they were able to trick the robot into screwing up a simple straight line in a video.
Of course, screwing up a line isn't the worst that could happen here.
"The worst case scenario for any robot is a silent modification of the parameters that is not immediately visible," Stefano Zanero, the professor from Politecnico di Milano who oversaw the research, told Motherboard. "But that can achieve dangerous effects, such as inserting defects in the products, or making the robot harmful to nearby humans or to itself."
ABB said in an email that the company "has fixed the concerns in the Trend Micro tests, which helps us provide greater security for equipment in the market. The results also emphasize the importance of using a secure network, since the testing used an unsecured network connection."
Robots are replacing human jobs at an unprecedented rate—especially in factories. By 2018, it's estimated that 1.3 million robots will be employed in factories all over the world. For these reason, the researchers argue, it's crucial robot manufacturers take the security of their products more seriously.
"That can achieve dangerous effects, such as inserting defects in the products, or making the robot harmful to nearby humans or to itself."
That's because the ABB IRB 140 was just one of many robots the researchers could've targeted. In fact, the researchers looked for industrial robots that are needlessly exposed online using search engines like Shodan, a service that makes it easy to find unprotected websites and servers, and found that there were a whopping 83,673 exposed robots. And, the researchers warn in a white paper, the IRB 140 is "representative of a large class of industrial robots," vulnerabilities they found and exploited to hack it can probably be found in other robots.
Of course, the question everyone is probably asking themselves is: Potentially, could bad guys have used the vulnerabilities found by the researchers to kill people? When I asked Zanero, he answered with a careful "it depends."
"Modern robots can be cooperative, working in close contact with humans," Zanero explained. "They are built to be very safe (and they are!) but those safety measures are necessarily driven by software, and we showed how the current architecture allows attackers to disable some safety features."
The researchers' technical findings will be published in a paper presented at the IEEE Symposium on Security and Privacy on May 22.
This story has been updated to include ABB's comments.
Subscribe to Science Solved It, Motherboard's new show about the greatest mysteries that were solved by science.