Imagine what you could do if you controlled the 220-pound arm of an industrial robot. That’s exactly what researchers set out to do in an experiment that revealed security vulnerabilities in robots that manufacture everything from phones to cars.
Conducted by the security firm Trend Micro and Politecnico di Milano, an Italian technical university, the researchers spent over a year finding different ways to hack industrial robots connected to the internet. The robots in the study were made by five of the industry’s biggest manufacturers: ABB, Mitsubishi, Fanuc, Yaskawa and Kawasaki.
Ultimately, the researchers found multiple inroads into the robots’ operating systems. In one case they were able to reconfigure a robot’s programming to make it draw a line two millimeters off from the intended target. That change might seem miniscule — unless you consider how it could dramatically alter the safety of a car or an airplane.
“If these robots are welding a car chassis together or a wing on an airplane, two millimeters can be catastrophic,” Mark Nunnikhoven, the vice president of cloud research at Trend Micro, said.
What’s more, if a hacker was able to physically access the robot or get onto the same local network, they could rewrite the device’s firmware. This would allow the hacker to wield the robot even though it would appear as though the operator was in control.
Sound a little frightening? In the study, the hackers imagine a scenario where the robot arm bends backward and destroys itself. An even more gruesome possibility: a compromised robot that appears to be functioning normally could trick an employee into entering its cage and cause physical harm.
“The operator thinks it is safe to walk or stand near the robot even if in that very moment, an attacker is controlling its movements," the report read.
After the researchers contacted ABB — the main subject of the study — about the security issues, the company responded by sending out fixes for all of the bugs.
"Testing is a critical process to stay ahead of new cyber security threats," the company said in a statement. "The results [of the Trend Micro tests] emphasize the importance of using a secure network, since the testing used an unsecured network connection."
Trend Micro is reportedly talking to other manufacturers about how they can sew up their security loopholes as well.
While these solutions are encouraging, the researchers note that if ABB’s robots are this hackable, then other robots are likely to be as well. The industry has a ways to be before its robots are less vulnerable to being hacked.
