Industrial robots that build cars can be lightly hacked
Sean Gallup / Getty
Industrial robots are responsible for making almost every device you use: Your phone, your computer, cars, airplanes, you name it.
It’s amazingly significant for robots to do exactly what the factory programmed the robots to do, which is why the findings from a report released today from cyber security stiff Trend Micro that exposes how these machines are utterly vulnerable to hackers is so troubling.
After all, if a robot makes a car part that’s altered just few milimeters from its original design, it could cause the vehicle to malfunction and crash.
The researchers looked at industrial robots from five major robot manufacturers: ABB, Fanuc, Mitsubishi, Kawasaki and Yaskawa.
In latest years, more and more factories have been connecting their robots to the internet to monitor or update the machines remotely. But like anything that’s connected to the internet, robots too have become vulnerable to hackers.
Take an industrial robot from ABB that the researchers tested. In that robot, they were able to switch the details about how the robot is configured in order to introduce an error that caused the machine to slightly switch how it operated.
After programming the robot to draw a straight line, the team then hacked it to draw a line that was two milimeters off from the line it was originally programmed to draw.
“If these robots are welding a car chassis together or a wing on an airplane, two milimeters can be catastrophic,” said Mark Nunnikhoven, the vice president of cloud research at Trend Micro.
Robot controllers, which are typically handheld screens with buttons that are used for operating or programming the machines, are also often remotely accessible through the internet, and those internet connections are not always secure.
It was through unsecured network connections that the researchers were able to alter the configuration file in the ABB robot that caused it to draw the line wrong in their tests.
The researchers said robots from other manufacturers had similar security crevices, but ABB was the only company that lent the team a robot to test for vulnerabilities.
Many of the industrial robots probed also had security issues with how users were authenticated to access them. Some systems didn’t require a password at all and others used unchangeable default usernames and passwords, according to the report.
These authentication problems make industrial robots vulnerable to something like what happened with the Mirai attack last year, said Nunnikhoven. That attack was able to take advantage of hundreds of thousands of internet-connected devices across the world because they all had hard-coded usernames and passwords.
The good news is that many of the vulnerabilities that were found are effortless to fix. But some of the security slots that were discovered are fundamental to the design of the robots, which were not originally built to be connected to the internet.
Nunnikhoven said that ABB responded right away and began to fix the security crevices that were found.
Trend Micro is in conversations with the other manufacturers that had robots tested about securing their machinery from hackers too, but the security rock-hard would not go into detail about the status of those talks.
Subscribe to the Recode newsletter
Sign up for our Recode Daily newsletter to get the top tech and business news stories delivered to your inbox.