14 DAY TRIAL // In perhaps one of the scariest findings in recent months, researchers have discovered that factory robots can easily be hacked. This, of course, could have grave effects on entire industries and pose safety issues.
Cybersecurity firm Trend Micro has found that numerous factory robots have a weak network security, using simple combinations of username and passwords that couldn't even be changed; others didn't even need a password. Imagine having an email account that doesn't need a password and then expand the implications of that to your personal security to robots that build cars and bikes and so on.
Trend Micro looked at robots from several firms: ABB, Fanuc, Mitsubishi, Kawasaki, and Yaskawa. The research paper indicates that not only do these have poor network security but they aren't faring much better when it comes to software protection either. Some, the researchers said, even ran on outdated software.
Tens of thousands of robots using public IP addresses were discovered, which means they were extremely easy to hack.
Some of these industrial machines can receive commands from operators from afar, from a computer or phone. If the connection linking the two is not secure, hackers could use this vulnerability to hijack the machines.
They even went as far as to film a test on an ABB robot programmed to draw a straight line. Researchers reverse engineered the RobotWare control program and the connected software and had the machine draw a line that was 2 millimeters off. That may seem like a small deed, but when applied to certain products these robots are built to create, the slightest miscalculation can translate into a catastrophe.
The security problems of the IIoT
"One of the most alarming findings in the Trend Micro report on vulnerable robots used in manufacturing was how easily it is for hackers, although in this case “researchers,” to discover exposed industrial devices online. The report goes as far as implying that there is a vast map available, where all roads lead to the industrial IoT," notes Mocana CTO Dean Weber, a 30-year security industry veteran.
"The ease by which attackers can make their way into industrial systems underscores the need to secure devices at their core, by embedding defense in the hardware and firmware used to operate things like robotic arms. There is simply no way, as this report shows, to stop cybercriminals from finding ways into manufacturing plants and other industrial facilities via the Internet. There, are, however, ways to stop intruders from taking control of devices they find," Weber adds.
