Cybersecurity and Robots
All is well here at Woesnotgone Meadow, where everyone has above average bandwidth.
In the Meadow, we don’t have any significant manufacturing industries or facilities. The closest we have is a factory which assembles vehicle air fresheners. Although we don’t have much in the way of heavy industry within our bounds, our residents certainly are aware of these facilities.
Within these large facilities, robots abound, lifting the heavy or size-awkward parts in a precision ballet. To watch the process is an amazing feat of science. These robots, while completing these tasks as more of a science than art, also present endpoints to attack. To acquire a list of these to probe and attack, could take a bit of time, and could be hit and miss. Fortunately, there’s a tool for this.
Aztarna
To save time and energy, and effort, Alias Robotics coded, in Python, the open source tool Aztarna. Alias Robotics, while a start-up, did create this valuable tool. The term Aztarna is “footprint” in Basque. In short, this is a port scanning tool and compares its scanning results with its database of fingerprints for individual controls and robotic technology and its components. The tool does robot foot printing, auditing of internet connected robots, and identifying/locating robots and their components. This was engineered to operate in different modes, dependent on the different pen testing use cases.
Uses
As described, this is a robot scanning tool, which seeks robots and the components open on the internet. This is used to track the robotics connected to the internet and powered by any robotic technology (e.g. ROS (Robot Operating System) and SROS (Secure ROS)). The primary focus of the tool are industrial robots and robots used as a part of daily operations. They may be used in the manufacturing industries on the production floor to assemble, for instance.
Targets
The tool begins by seeking specific routers. Within the robotics field, there are a limited number of manufacturers whose routers are used. These historically have been Siena Wireless, Ewon, Moxa, and Westermo.
Initially, the tool was used to scan globally, not only in the US. This scan detected 9000 insecure industrial routers hosting the targeted robots. Of the 9000, 1586 routers were in Europe. These were detected as they were misconfigured. Of this Europe sub-population, France and Spain had the most routers. In comparison the US and Canada had far fewer.
A later scan of 26801 routers identified 8958, or approximately 33%, were insecure. These were using default or weak credentials, or not requiring authentication. Of these, Columbia had the greatest number of misconfigured and insecure devices with 26 each and all of these were using default credentials.
The researchers also scanned for open ROS Master in port 11311. Aztarna was configured to verify if the hosts were corresponding to ROS running machines. The tool detected 106 ROS systems. Of these 52 were located in the US and 16 in South Korea. A portion of these were noted as being connected to simulations or not connected to actual robots.
Vulnerability
The robots were the end target. The insecurities are the clear threat to the manufacturer’s cybersecurity. These manufacturers may not be giving this as much attention as needed. As too many of these have no, default, or weak authentication in place, there is a problem. When these systems are down, as when an attacker would successfully breach one of these systems and shut down one or more robots, every second is revenue and money lost to the company. Dependent on the size of the manufacturer, this could be hundreds of thousands a day to millions. The amount of lost revenue, depending also on the workflow and orders being worked on, is amazing, to the detriment to those with compromised systems, or when ransomware is applied to the robots. To say the least, it is prudent for the manufacturers to review this.
Responsible Disclosure
The researchers noted the vulnerable robots and components from the scans. After the scan results, the researchers did not just hold the results and not do anything positive with this. They did not want the manufacturers to continue with their security by obscurity. This approach in the long-term has never worked well. The manufacturers were notified of the vulnerabilities.
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest encryption.
Resources
Alias Robotics. (2019, January 16). Researchers publish a tool to hunt for hackable robots connected to the internet. Retrieved from https://news.aliarobots.com/researhcers-publish-a-tool-to-hunt-for-hackable-robots-connected-to-the-internet/
Happich, J. (2019, January 22). Open-source scanning tool can find vulnerable robots. Retrieved from https://www.eenewsembedded.com/news/open-source-scanning-tool-can-find-vulnerable-robots#
Kumar, M. (2019, January 28). Researchers release tool that finds vulnerable robots on the internet. Retrieved from https://thehackernews.com/2019/01/robot-cybersecurity-tool.html
Waqas. (2019, January 28). Meet aztarna, a tool to find vulnerable internet connected robots. Retrieved from https://www.hackread.com/aztarna-tools-find-vulnerable-internet-connected-robots/
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.