Breaking the laws of robotics
Attacking industrial robots
Stefano Zanero
Politecnico di Milano
Partially based upon work with present and former colleagues and students:
D. Quarta, M. Pogliani, M. Polino, F. Maggi, A. Zanchettin, M. Vittone
Industrial CPS traits
Originally disconnected systems
Now opening up to the Internet
Security as an afterthought

Industrial CPS traits
Production-critical systems
Difficult to update
Long service life and forever days
Not necessarily managed by corp. IT (“IT vs OT”)

Industrial CPS traits
Cyber-Physical Systems
Influence the physical environment
Sometimes, critical systems (safety-wise, critical infra)

CIA triad not so important, but:
● Safety
  ○ people, environment, equipment
● Production continuity
  ○ Production plant halting
  ○ Ransomware (“oh, I could ransom that, too”)
● Production outcome alteration
  ○ → safety?
Threat Scenarios
Example: additive manufacturing micro-defects
dr0wned - Cyber-Physical Attack with Additive Manufacturing, Sofia Belikovetsky, Mark Yampolskiy, Jinghui Toh, Yuval Elovici, WOOT ‘17
Industrial robots?
[Figure: screenshot of a teach pendant with a formatted code snippet on the side]
1) Robots are flexibly programmable... and the program doesn’t say it all
2) Robots are extensible & connected
source: http://developercenter.robotstudio.com
source: abb.com
source: https://universal-robots.com/plus
3) Robots are (sometimes) collaborative
We assess attack impact by reasoning on requirements

Requirements
Safety
I/O Accuracy
Integrity
Violating any of these requirements via a digital vector
Requirements → Robot-Specific Attack

Control Loop or Calibration Tampering
Requirements: Safety, I/O Accuracy, Integrity

Attack 2: Production Logic Tampering
Requirements: Safety, Accuracy, Integrity

Attack 3: Displayed or Actual State Alteration
Requirements: Safety, Accuracy, Integrity

Attacks 4+5: Displayed or Actual State Alteration
Requirements: Safety, Accuracy, Integrity
Displayed State Alteration Example
Teach Pendant
Malicious DLL
Compromising robot controllers
Attack surface
USB port
LAN
Radio
Services: well-known (FTP) + custom (RobAPI)
Plenty of vulnerabilities
● BOF leading to RCE ABBVU-DMRO-124641
● BOF in FlexPendant ABBVU-DMRO-124645
● BOF in /command endpoint ABBVU-DMRO-128238
● Command Injection ABBVU-DMRO-124642
● Authentication bypass ABBVU-DMRO-124644
Takeaways
Some memory corruption
Mostly logical vulnerabilities
Unprotected sensitive files (e.g. config)
All the components blindly trust the main computer (lack of isolation)
Full Controller Exploitation
That’s how we implemented the attacks
What’s the Attack Surface?
Robots are meant to be connected
Connected Robots: Why?
● Now: monitoring & maintenance ISO 10218-2:2011
● Enter the I4.0: active production planning/control
○ some vendors expose REST-like APIs
○ … up to the use of mobile devices for commands
● Future: app/library stores
○ “Industrial” version of robotappstore.com?
More in general: the “smart factory” ecosystem
ICS on the Internet
Not so many...
Remote Exposure of Industrial Robots
Search                  Entries   Country
ABB Robotics            5         DK, SE
FANUC FTP               9         US, KR, FR, TW
Yaskawa                 9         CA, JP
Kawasaki E Controller   4         DE
Mitsubishi FTP          1         ID
Overall                 28        10
Remote Exposure of Industrial Routers
...way more!
Unknown which routers are actually robot-connected

Industrial Routers: Typical Issues
Trivially “Fingerprintable” (banners, firmware, manuals)
Outdated Software Components
Insecure Web Interface
Cut & paste
Proprietary Languages
Language       Vendor
RAPID          ABB
KRL            KUKA
MELFA BASIC    Mitsubishi
AS             Kawasaki
PDL2           COMAU
PacScript      DENSO
URScript       Universal-Robot
KAREL          FANUC
The DSL rabbithole
Features: Handle File Resources (File System, Directory Listing)
Features: Load new Code at Runtime (Load Module From File, Call By Name)
Features: Network Communication (Communication)

Vendor | File System | Directory Listing | Load Module From File | Call By Name | Communication
ABB ✔ ✔ ✔ ✔ ✔
KUKA ✔ ✔
Mitsubishi ✔ ✔
Kawasaki ✔
COMAU ✔ Indirect ✔ ✔ ✔
DENSO ✔ ✔ ✔
Universal-Robot ✔
FANUC ✔ ✔ ✔ ✔ ✔
We Asked Automation Engineers...
What language features do you use when programming robots?

We Found out that…
• Developers can introduce vulnerabilities that can be exploited
  • Yes, we found vulnerable code published on GitHub
• Threat actors can abuse the language features to write malware
  • Yes, we were able to write a network-capable, self-spreading malware dropper
Example: a vulnerable web server in RAPID
[Diagram: robot controller running the web server; files served from the web server root; secrets stolen from outside the root]
Sources and Sinks
Attacker-controlled input (sensitive sources) → concrete impact (sensitive sinks)

Sensitive sources:
  File
  Inbound communication (e.g., network)
  Teach Pendant (UI)

Sensitive sinks:
  1 Robot Movement
  2 File Handling (e.g., read)
  3 File Modification (e.g., write configuration)
  4 Call by Name
We built an analyzer for (some) DSL
Pipeline: task program’s source code → Parsing → CFG Generation → ICFG Generation → Dataflow Analysis → Detection Results
Parsing: RAPID parser, KRL parser, ...
Example task program input:
  MoveJ point0
  WaitTime 4
  MoveL point1
  WaitTime 5
  ...
Dataflow Analysis matches Insecure Patterns & Malicious Patterns
Detection Results: Potential Vulnerabilities, Potentially Abused Features
•Hard to find public code (it’s intellectual property)
•100 RAPID and KRL files on public repo (e.g., GitHub and
GitLab)
Vulnerability Projects Files Root Cause
Network → Remote
Function Exec
2 2 Dynamic code loading
Network → File Access 1 4 Unfiltered open file
Network → Arbitrary
Movement
13 34 Unrestricted Move
Joint or Move to point
Detection Errors 2 12 Interrupts
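The sources-and-sinks taxonomy, the analyzer pipeline and the vulnerable RAPID web server above can be tied together in a small forward taint analysis. The following is an added Python example, not the RoboSec analyzer or any code from the talk: it runs over constructed RAPID-like programs (syntax simplified to one statement per line; NumFromStr is a hypothetical conversion routine) and reports the same “source → sink” categories used in the detection results table, including a hardened variant of the web server that produces no finding.

```python
import re
from typing import Dict, List, Set, Tuple

# Sensitive sources from the taxonomy -> label. group(1) is the variable that
# receives attacker-controlled data. (Teach-pendant input would be added the same way.)
SOURCES = [
    (re.compile(r"^SocketReceive\s+\w+\s*\\Str\s*:=\s*(\w+)\s*;"), "Network"),  # inbound communication
    (re.compile(r"^(\w+)\s*:=\s*ReadStr\("), "File"),                           # file read
]
# Sensitive sinks -> label. group(1) is the argument text that must stay clean.
SINKS = [
    (re.compile(r"^Open\s+(.*?)\s*,\s*\w+\s*\\(?:Read|Write|Append)"), "File Access"),
    (re.compile(r"^Move[JLC]\s+(.*)"), "Arbitrary Movement"),
    (re.compile(r"^Load\s+(.*?)\s*;"), "Remote Function Exec (dynamic code loading)"),
    (re.compile(r"^%\s*(\w+)\s*%\s*;"), "Remote Function Exec (call by name)"),
    (re.compile(r"^CallByVar\s+(.*?)\s*;"), "Remote Function Exec (call by name)"),
]
ASSIGN = re.compile(r"^(\w+)\s*:=\s*(.*);")
IDENT = re.compile(r"[A-Za-z_]\w*")
STRING_LITERAL = re.compile(r'"[^"]*"')

Finding = Tuple[int, str, str]  # (line number, source label, sink label)


def tainted_labels(expr: str, taint: Dict[str, Set[str]]) -> Set[str]:
    """Union of the taint labels of every identifier used in expr (string literals ignored)."""
    labels: Set[str] = set()
    for name in IDENT.findall(STRING_LITERAL.sub('""', expr)):
        labels |= taint.get(name, set())
    return labels


def analyze(program: str) -> List[Finding]:
    """Forward taint analysis over a straight-line program: a variable assigned from a
    source, or from an expression using a tainted variable, carries the source label;
    a sink whose arguments use a tainted variable is reported as source -> sink."""
    taint: Dict[str, Set[str]] = {}
    findings: List[Finding] = []
    for line_no, raw in enumerate(program.splitlines(), 1):
        stmt = raw.split("!", 1)[0].strip()  # '!' starts a RAPID comment (naive: not literal-aware)
        if not stmt:
            continue
        m_src = None
        for pat, label in SOURCES:
            m_src = pat.match(stmt)
            if m_src:
                taint[m_src.group(1)] = {label}
                break
        if m_src:
            continue
        m_sink = None
        for pat, label in SINKS:
            m_sink = pat.match(stmt)
            if m_sink:
                for src in sorted(tainted_labels(m_sink.group(1), taint)):
                    findings.append((line_no, src, label))
                break
        if m_sink:
            continue
        m = ASSIGN.match(stmt)
        if m:
            labels = tainted_labels(m.group(2), taint)
            if labels:
                taint[m.group(1)] = labels
            else:
                taint.pop(m.group(1), None)  # overwritten with clean (constant) data
    return findings


def describe(findings: List[Finding]) -> List[str]:
    return [f"line {n}: {src} → {sink}" for n, src, sink in findings]


# Constructed RAPID-like request handler (not code from the talk); syntax simplified.
VULNERABLE = r"""! request handler: the request string drives a file open, a move and a late-bound call
VAR string req;
VAR string path;
VAR string routine;
VAR num dx;
VAR iodev f;
VAR robtarget target;
SocketReceive client \Str := req;
path := "HOME:/www/" + StrPart(req, 6, StrLen(req) - 5);
Open path, f \Read;                  ! request-controlled path: reaches outside the web root
dx := NumFromStr(req);               ! NumFromStr: hypothetical conversion routine
target := Offs(p1, dx, 0, 0);
MoveJ target, v1000, z50, tool0;     ! request-controlled movement
routine := StrPart(req, 6, 8);
%routine%;                           ! late-bound call chosen by the request
"""

# Constructed hardened variant: the request only selects among fixed resources.
HARDENED = r"""VAR string req;
VAR iodev f;
SocketReceive client \Str := req;
IF req = "GET /index.html" THEN
    Open "HOME:/www/index.html", f \Read;
ENDIF
MoveJ p1, v1000, z50, tool0;
"""

# Constructed file-fed variant: a path read from a file ends up in dynamic code loading.
FILE_FED = r"""VAR string line;
line := ReadStr(cfg);                ! file contents as a source
Load "HOME:/" + line;                ! module path derived from the file
"""

if __name__ == "__main__":
    for name, prog in (("vulnerable", VULNERABLE), ("hardened", HARDENED), ("file-fed", FILE_FED)):
        print(name, describe(analyze(prog)) or ["no findings"])
```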
Are These Languages Good to Write Malware?
• Load or send data via network (exchange files via network)
• Jump to code available at runtime
• Scan the network for targets
• Turing-complete language
(see the language features table above: Load Module From File, Call By Name, Communication)

Vendor            Communication
ABB               ✔
KUKA              ✔
Mitsubishi        ✔
Kawasaki          ✔
COMAU             ✔
DENSO             ✔
Universal-Robot   ✔
FANUC             ✔
Conclusions
Manufacturing systems increasingly connected
Industrial-specific classes of attacks
Domain-specific languages vulnerabilities
Cooperative robotics challenges
Stefano Zanero
stefano.zanero@polimi.it
@raistolo
For further details, scientific papers, and more:
http://robosec.org
Questions?

 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Breaking the Laws of Robotics: Attacking Industrial Robots

  • 1. Breaking the laws of robotics Attacking industrial robots Stefano Zanero Politecnico di Milano Partially based upon work with present and former colleagues and students: D. Quarta, M. Pogliani, M. Polino, F. Maggi, A. Zanchettin, M. Vittone
  • 2. Industrial CPS traits
    Originally disconnected systems
    Now opening up to the Internet
    Security as an afterthought
  • 3. Industrial CPS traits
    Production-critical systems
    Difficult to update
    Long service life and forever days
    Not necessarily managed by corp. IT (“IT vs OT”)
  • 4. Industrial CPS traits
    Cyber-Physical Systems influence the physical environment
    Sometimes, critical systems (safety-wise, critical infra)
  • 5. Threat Scenarios: CIA triad not so important, but:
    ● Safety
      ○ people, environment, equipment
    ● Production continuity
      ○ Production plant halting
      ○ Ransomware (“oh, I could ransom that, too”)
    ● Production outcome alteration
      ○ → safety?
  • 6. Example: additive manufacturing micro-defects dr0wned - Cyber-Physical Attack with Additive Manufacturing, Sofia Belikovetsky, Mark Yampolskiy, Jinghui Toh, Yuval Elovici, WOOT ‘17
  • 8.
  • 9. Screenshot of teach pendant + formatted code snippet on the side 1) Robots are flexibly programmable...
  • 10. … and the program doesn’t say it all
  • 11. 2) Robots are extensible & connected source: http://developercenter.robotstudio.com source: abb.com source: https://universal-robots.com/plus
  • 12. 3) Robots are (sometimes) collaborative
  • 15. violating any of these requirements via a digital vector Requirements → Robot-Specific Attack Safety I/O Accuracy Integrity
  • 16. Control Loop or Calibration Tampering Safety Accuracy Integrity Attack 2
  • 18. Displayed or Actual State Alteration Safety Accuracy Integrity Attacks 4+5 Displayed or Actual State Alteration
  • 19. Displayed State Alteration Example Teach Pendant Malicious DLL
  • 21.
  • 23. Plenty of vulnerabilities
    ● BOF leading to RCE: ABBVU-DMRO-124641
    ● BOF in FlexPendant: ABBVU-DMRO-124645
    ● BOF in /command endpoint: ABBVU-DMRO-128238
    ● Command Injection: ABBVU-DMRO-124642
    ● Authentication bypass: ABBVU-DMRO-124644
  • 24. Takeaways
    Some memory corruption
    Mostly logical vulnerabilities
    Unprotected sensitive files (e.g. config)
    All the components blindly trust the main computer (lack of isolation)
  • 26. That’s how we implemented the attacks
  • 28. Robots are meant to be connected
  • 29. Connected Robots: Why?
    ● Now: monitoring & maintenance (ISO 10218-2:2011)
    ● Enter the I4.0: active production planning/control
      ○ some vendors expose REST-like APIs
      ○ … up to the use of mobile devices for commands
    ● Future: app/library stores
      ○ “Industrial” version of robotappstore.com?
  • 30. More in general: the “smart factory” ecosystem
  • 31. ICS on the Internet
  • 32. Not so many... Remote Exposure of Industrial Robots
    Search                | Entries | Country
    ABB Robotics          | 5       | DK, SE
    FANUC FTP             | 9       | US, KR, FR, TW
    Yaskawa               | 9       | CA, JP
    Kawasaki E Controller | 4       | DE
    Mitsubishi FTP        | 1       | ID
    Overall               | 28      | 10
  • 33. Remote Exposure of Industrial Routers ...way more! Unknown which routers are actually robot-connected
  • 34. Industrial Routers: Typical Issues
    Trivially “Fingerprintable” (banners, firmware, manuals)
    Outdated Software Components
    Insecure Web Interface
    Cut & paste
  • 35. Proprietary Languages
    Language    | Vendor
    RAPID       | ABB
    KRL         | KUKA
    MELFA BASIC | Mitsubishi
    AS          | Kawasaki
    PDL2        | COMAU
    PacScript   | DENSO
    URScript    | Universal-Robot
    KAREL       | FANUC
  • 37. Vendor File System Directory Listing ABB ✔ ✔ KUKA ✔ Mitsubishi ✔ Kawasaki COMAU ✔ Indirect DENSO Universal-Robot FANUC ✔ ✔ Features: Handle File Resources
  • 38. Features: Load new Code at Runtime Vendor File System Directory Listing Load Module From File Call By Name ABB ✔ ✔ ✔ ✔ KUKA ✔ Mitsubishi ✔ Kawasaki COMAU ✔ Indirect ✔ ✔ DENSO ✔ ✔ Universal-Robot FANUC ✔ ✔ ✔ ✔
  • 39. Features: Network Communication Vendor File System Directory Listing Load Module From File Call By Name Communication ABB ✔ ✔ ✔ ✔ ✔ KUKA ✔ ✔ Mitsubishi ✔ ✔ Kawasaki ✔ COMAU ✔ Indirect ✔ ✔ ✔ DENSO ✔ ✔ ✔ Universal-Robot ✔ FANUC ✔ ✔ ✔ ✔ ✔
  • 40. We Asked Automation Engineers... What language features do you use when programming robots?
  • 41. We found out that…
    • Developers can introduce vulnerabilities that can be exploited
      • Yes, we found vulnerable code published on GitHub
    • Threat actors can abuse the language features to write malware
      • Yes, we were able to write a network-capable, self-spreading malware dropper
  • 42. Example: a vulnerable web server in RAPID
  • 44. Sources and Sinks
    Sensitive sources (attacker-controlled input): File; Inbound communication (e.g., network); Teach Pendant (UI)
    Sensitive sinks (concrete impact): Robot Movement; File Handling (e.g., read); File Modification (e.g., write configuration); Call by Name
  • 45. We built an analyzer for (some) DSL
    1. Parsing: task program’s source code (e.g. ... MoveJ point0 WaitTime 4 MoveL point1 WaitTime 5 ...) → RAPID parser, KRL parser, ...
    2. CFG Generation
    3. ICFG Generation
    4. Dataflow Analysis → Potential Vulnerabilities (Insecure Patterns) & Potentially Abused Features (Malicious Patterns)
  • 46. Detection Results
    • Hard to find public code (it’s intellectual property)
    • 100 RAPID and KRL files on public repo (e.g., GitHub and GitLab)
    Vulnerability                  | Projects | Files | Root Cause
    Network → Remote Function Exec | 2        | 2     | Dynamic code loading
    Network → File Access          | 1        | 4     | Unfiltered open file
    Network → Arbitrary Movement   | 13       | 34    | Unrestricted Move Joint or Move to point
    Detection Errors               | 2        | 12    | Interrupts
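The source/sink model and the dataflow stage of the analyzer described on the last three slides, as an added example that is not code from the talk or from the robosec.org tooling: a toy flow-sensitive taint check over a constructed RAPID-like task program that reports the Network → Arbitrary Movement, dynamic code loading, call-by-name and file modification patterns. Instruction names mimic RAPID, but the source/sink mapping, the sample program and the helper name StrToPos are assumptions of this example.

```python
import re

# Source/sink classes from the talk mapped onto RAPID-like instruction names (mapping assumed)
SOURCES = {"SocketReceive": "network", "ReadStr": "file", "TPReadFK": "pendant"}
SINKS = {"MoveJ": "robot movement", "MoveL": "robot movement",
         "Load": "dynamic code loading", "WriteStr": "file modification"}
IDENT = re.compile(r"[A-Za-z_]\w*")
ASSIGN = re.compile(r"^(\w+)\s*:=\s*(.+)$")            # target := StrToPos(cmd)
INOUT = re.compile(r"^(\w+)\b.*\\\w+\s*:=\s*(\w+)$")   # SocketReceive s \Str := cmd
CALLBYNAME = re.compile(r"^%\s*(\w+)\s*%$")            # %modname%  (late-bound call)

def analyze(program):
    """Toy taint tracking over a straight-line RAPID-like program; returns (line, instr, impact, sources) per sink fed by a source."""
    taint, findings = {}, []              # taint: variable -> set of source labels
    for lineno, raw in enumerate(program.splitlines(), 1):
        stmt = raw.split("!")[0].strip().rstrip(";").strip()   # '!' opens a comment
        if not stmt:
            continue
        m = INOUT.match(stmt)
        if m and m.group(1) in SOURCES:   # output argument receives external data
            taint[m.group(2)] = {SOURCES[m.group(1)]}
            continue
        m = ASSIGN.match(stmt)
        if m:                             # lhs := rhs: taint flows; reassignment kills it
            names = IDENT.findall(m.group(2))          # toy: string literals are scanned too
            taint[m.group(1)] = ({SOURCES[n] for n in names if n in SOURCES}
                                 | set().union(*(taint.get(n, set()) for n in names)))
            continue
        m = CALLBYNAME.match(stmt)
        if m:                             # the callee name itself is data
            instr, impact, args = stmt, "remote function exec", [m.group(1)]
        else:
            words = IDENT.findall(stmt)
            if not words or words[0] not in SINKS:
                continue
            instr, impact, args = words[0], SINKS[words[0]], words[1:]
        labels = set().union(*(taint.get(a, set()) for a in args))
        if labels:
            findings.append((lineno, instr, impact, sorted(labels)))
    return findings

SAMPLE = r"""! constructed sample task program, not from the talk; one statement per line
SocketReceive sock \Str := cmd;
target := StrToPos(cmd);
MoveJ target, v1000, z50, tool0;
MoveJ home, v1000, z50, tool0;
Load \Dynamic, "HOME:/" \File := cmd;
modname := cmd;
%modname%;
WriteStr cfgfile, cmd;
"""

if __name__ == "__main__":
    print(analyze(SAMPLE))
```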
  • 47. Are These Languages Good to Write Malware?
    • Exchange files via network
    Vendor File System Directory Listing Load Module From File Call By Name Communication ABB ✔ ✔ ✔ ✔ ✔ KUKA ✔ ✔ Mitsubishi ✔ ✔ Kawasaki ✔ COMAU ✔ Indirect ✔ ✔ ✔ DENSO ✔ ✔ ✔ Universal-Robot ✔ FANUC ✔ ✔ ✔ ✔ ✔
  • 48. Are These Languages Good to Write Malware?
    • Load or send data via network
    • Jump to code available at runtime
    Vendor File System Directory Listing Load Module From File Call By Name ABB ✔ ✔ ✔ ✔ KUKA ✔ Mitsubishi ✔ Kawasaki COMAU ✔ Indirect ✔ ✔ DENSO ✔ ✔ Universal-Robot FANUC ✔ ✔ ✔ ✔
  • 49. Are These Languages Good to Write Malware?
    • Load or send data via network
    • Jump to code available at runtime
    • Scan the network for targets
    Vendor          | Communication
    ABB             | ✔
    KUKA            | ✔
    Mitsubishi      | ✔
    Kawasaki        | ✔
    COMAU           | ✔
    DENSO           | ✔
    Universal-Robot | ✔
    FANUC           | ✔
  • 50. Are These Languages Good to Write Malware?
    • Load or send data via network
    • Jump to code available at runtime
    • Scan the network for targets
    • Turing-complete language
  • 51.
  • 52.
  • 54. Conclusions
    Manufacturing systems increasingly connected
    Industrial-specific classes of attacks
    Domain-specific languages vulnerabilities
    Cooperative robotics challenges
  • 55. Stefano Zanero stefano.zanero@polimi.it @raistolo For further details, scientific papers, and more: http://robosec.org Questions?