With the rise in robots hitting factories these days, security apparently is not a major factor in the initial design.
That is because robots are easy attack victims. So, not only does this pose a security problem, it also presents a safety issue.
Numerous factory robots have weak network security, using simple combinations of username and passwords that couldn’t even be changed; others didn’t even need a password, said researches at Trend Micro.
Trend Micro looked at robots from several firms: ABB, Fanuc, Mitsubishi, Kawasaki, and Yaskawa. The research paper found not only do these have poor network security but they aren’t faring much better when it comes to software protection either. Some, the researchers said, even ran on outdated software.
Tens of thousands of robots using public IP addresses ended up discovered, which means they were extremely easy to hack.
Some of these industrial machines can receive commands from operators from afar, from a computer or phone. If the connection linking the two is not secure, hackers could use this vulnerability to hijack the machines.
They even went as far as to film a test on a robot programmed to draw a straight line. Researchers reverse engineered the RobotWare control program and the connected software and had the machine draw a line that was 2 millimeters off. That may seem like a small deed, but when applied to certain products these robots are built to create, the slightest miscalculation can translate into a catastrophe.
“In industrial devices, the impact of a single, simple software vulnerability can already have serious consequences. Depending on the actual setup and security posture of the targeted smart factory, attackers could trigger attacks that could amount to massive financial damage to the company in question or at worst, even affect critical goods,” researchers said.
“As improvements in the way industrial robots work and communicate increase their complexity and interconnectedness, the industrial robots sector unlocks a broader attack surface,” researchers said.