Industrial robots are dominating — but are they safe from cyber-attacks?

Millions of industrial robots will be used in manufacturing worldwide by 2022, but how secure will they be?
10 August 2020

Industrial robots are on the rise. Source: Shutterstock

  • Some 4 million industrial robots will be employed in factories worldwide by 2022
  • But flaws in robotics systems could lead to hackers extracting vulnerable data and even interfering with a robot’s movement 

The pandemic has repeatedly reaffirmed our needs for robots. The time has come for industrial robots to take over factory floors and showcase the suite of benefits they bring to manufacturing.

Robots are generally known to automate repetitive tasks and free up valuable time for their human colleagues to take on more complex and creative tasks; the current social distancing measures have built a stronger case as to why we need robots

Industrial robots have a long legacy of assembling everything from heavy automobiles, airplanes, electrical appliances, and are now even bring developed for more domestic tasks such as sorting out your trash.

Globally, robots have demonstrated remarkable versatility and strength in taking over human labor with consistent speed and precision. This highly efficient employee has won over factory owners. The global industrial robot market size is predicted to hit US$66.48 billion by 2027, exhibiting a CAGR of 15.1% during the forecast period, states Fortune Business Insights.

Although there is a phenomenal growth in industrial robots, a new report titled Rogue Automation by Trend Micro Research found that some robots have existing flaws that make them susceptible to cyber-attacks. 

The research paper aims to “reveal previously unknown design flaws that malicious actors could exploit to hide malicious functionalities in industrial robots and other automated, programmable manufacturing machines.”

Since robots are generally connected to networks and programmed via software, they could potentially pose as entry points for bad actors. The report listed several real-life examples of flaws found in the software produced and distributed by Swiss-Swedish multinational corporation ABB, one of the world’s largest industrial robot producers. Researchers also spotted vulnerabilities in the popular open-source software named “Robot Operating System Industrial” or ROS-I.  

Researchers discovered vulnerabilities in an app written in ABB’s proprietary programming language and used to automate industrial machines. The discovered flaw is the very tool that hackers can leverage on and gain access to networks, exfiltrating valuable files, and sensitive data.

“Industrial secrets are traded for very high prices in underground marketplaces and have become one of the main targets of cyberwarfare operations,” the study noted. 

The research also found a vulnerability that attackers can exploit to interfere with a robot’s movements via a network. By spoofing (an unknown source disguising as a known, trusted source to communicate) network packets, attackers can cause unintended movements or interrupt existing flows of set procedure, but adequately configured safety systems could make it challenging for hackers to succeed. This vulnerability found in a ROS-I’s software component was written for Kuka and ABB robots. 

The report clarified that appropriate measures were taken to deal with the discovered vulnerability.One was removed by the vendor (ABB) upon our responsible disclosure. The other vulnerabilities fostered a fruitful conversation with ROS-Industrial, which led to the development of some of the mitigation recommendations described,” as written in the report.

Robotics are continuing to show their worth on the factory floors, and while they’ve been a fixture in many industries such as car manufacturing for decades, they are becoming increasingly advanced and versatile. Artificial intelligence (AI), machine learning (ML), cloud, and 5G are fueling the evolution of highly automated and increasingly intelligent industrial robots. 

The International Federation of Robotics estimates that by 2022, we will see close to 4 million industrial robots in factories worldwide. At the same time, the intricately connected networks between machines and systems are susceptible to the growing scale and robustness of cyberattacks.

Dr. Nicholas Patterson, a cybersecurity lecturer at Deakin University, commented that the security risks are not limited to industrial robots but also home-based robots such as robotic vacuum cleaners and drones.