Breaking the laws of robotics
Attacking industrial robots
Stefano Zanero
Politecnico di Milano
Partially based upon work with present and former colleagues and students:
D. Quarta, M. Pogliani, M. Polino, F. Maggi, A. Zanchettin, M. Vittone
Originally disconnected systems
Now opening up to the Internet
Security as an afterthought
Industrial CPS traits
Production-critical systems
Difficult to update
Long service life and forever days
Not necessarily managed by corp. IT (“IT vs OT”)
Industrial CPS traits
Cyber-Physical Systems
Influence the physical environment
Sometimes, critical systems (safety-wise, critical infra)
Industrial CPS traits
CIA triad not so important, but:
● Safety
○ people, environment, equipment
● Production continuity
○ Production plant halting
○ Ransomware (“oh, I could ransom that, too”)
● Production outcome alteration
○ → safety?
Threat Scenarios
Example: additive manufacturing micro-defects
dr0wned - Cyber-Physical Attack with Additive Manufacturing, Sofia Belikovetsky, Mark Yampolskiy, Jinghui Toh, Yuval Elovici, WOOT ‘17
Industrial robots?
Screenshot of teach pendant + formatted code snippet on the side
1) Robots are flexibly programmable...
… and the program doesn’t say it all
2) Robots are extensible & connected
source: http://developercenter.robotstudio.com
source: abb.com
source: https://universal-robots.com/plus
3) Robots are (sometimes) collaborative
We assess attack impact by reasoning on requirements
Requirements: Safety, I/O Accuracy, Integrity
Robot-specific attack: violating any of these requirements via a digital vector
Requirements → Robot-Specific Attack
Requirements: Safety, I/O Accuracy, Integrity
Control Loop or Calibration Tampering (Safety, Accuracy, Integrity)
Attack 2
Production Logic Tampering (Safety, Accuracy, Integrity)
Attack 3
Displayed or Actual State Alteration (Safety, Accuracy, Integrity)
Attacks 4+5
Displayed or Actual State Alteration
Displayed State Alteration Example: Teach Pendant, Malicious DLL
Compromising robot controllers
Attack surface: USB port, LAN, Radio
Services: well-known (FTP) + custom (RobAPI)
Plenty of vulnerabilities
● BOF leading to RCE ABBVU-DMRO-124641
● BOF in FlexPendant ABBVU-DMRO-124645
● BOF in /command endpoint ABBVU-DMRO-128238
● Command Injection ABBVU-DMRO-124642
● Authentication bypass ABBVU-DMRO-124644
Takeaways
Some memory corruption
Mostly logical vulnerabilities
Unprotected sensitive files (e.g. config)
All the components blindly trust the main computer (lack of isolation)
Full Controller Exploitation
That’s how we implemented the attacks
What’s the Attack Surface?
Robots are meant to be connected
Connected Robots: Why?
● Now: monitoring & maintenance ISO 10218-2:2011
● Enter the I4.0: active production planning/control
○ some vendors expose REST-like APIs
○ … up to the use of mobile devices for commands
● Future: app/library stores
○ “Industrial” version of robotappstore.com?
More in general: the “smart factory” ecosystem
ICS on the Internet
Not so many...
Remote Exposure of Industrial Robots
Search                  Entries   Country
ABB Robotics            5         DK, SE
FANUC FTP               9         US, KR, FR, TW
Yaskawa                 9         CA, JP
Kawasaki E Controller   4         DE
Mitsubishi FTP          1         ID
Overall                 28        10
Remote Exposure of Industrial Routers
...way more!
Unknown which routers are actually robot-connected
Trivially “Fingerprintable” (banners, firmware, manuals)
Outdated Software Components
Insecure Web Interface
Industrial Routers: Typical Issues
Cut & paste
Proprietary Languages
Language      Vendor
RAPID         ABB
KRL           KUKA
MELFA BASIC   Mitsubishi
AS            Kawasaki
PDL2          COMAU
PacScript     DENSO
URScript      Universal-Robot
KAREL         FANUC
The DSL rabbithole
Features: Handle File Resources (File System, Directory Listing)
Features: Load new Code at Runtime (Load Module From File, Call By Name)
Features: Network Communication (Communication)

Vendor            File System   Directory Listing   Load Module From File   Call By Name   Communication
ABB               ✔             ✔                   ✔                       ✔              ✔
KUKA              ✔                                                                        ✔
Mitsubishi        ✔                                                                        ✔
Kawasaki                                                                                   ✔
COMAU             ✔             Indirect            ✔                       ✔              ✔
DENSO                                               ✔                       ✔              ✔
Universal-Robot                                                                            ✔
FANUC             ✔             ✔                   ✔                       ✔              ✔
We Asked Automation Engineers...
What language features do you use when programming robots?
We Found out that…
• Developers can introduce vulnerabilities that can be exploited
  • Yes, we found vulnerable code published on GitHub
• Threat actors can abuse the language features to write malware
  • Yes, we were able to write a network-capable, self-spreading malware dropper
Example: a vulnerable web server in RAPID
(Figure: robot controller with the web server root; a path outside the root → secrets stolen)
Sources and Sinks
Attacker-controlled input (sensitive sources) → concrete impact (sensitive sinks)
Sources: File; Inbound communication (e.g., network); Teach Pendant (UI)
Sinks: Robot Movement; File Handling (e.g., read); File Modification (e.g., write configuration); Call by Name
We built an analyzer for (some) DSL
Pipeline: task program’s source code → Parsing (RAPID parser, KRL parser, ...) → ICFG Generation → Dataflow Analysis → Potential Vulnerabilities and Potentially Abused Features (Insecure Patterns & Malicious Patterns)
Sample task program from the figure:
MoveJ point0
WaitTime 4
MoveL point1
WaitTime 5
...
Detection Results
• Hard to find public code (it’s intellectual property)
• 100 RAPID and KRL files on public repo (e.g., GitHub and GitLab)

Vulnerability                    Projects   Files   Root Cause
Network → Remote Function Exec   2          2       Dynamic code loading
Network → File Access            1          4       Unfiltered open file
Network → Arbitrary Movement     13         34      Unrestricted Move Joint or Move to point
Detection Errors                 2          12      Interrupts
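As an added illustration (not the talk’s analyzer and not code from the robosec project), the script below implements the source-to-sink check on a constructed RAPID-like program modelled on the vulnerable web server example above: SocketReceive is the inbound-communication source, and Open, MoveJ/MoveL and %name% are the file, movement and call-by-name sinks, labelled with the categories of the results table. RequestToTarget is a hypothetical user routine, and the TEST/CASE allow-list variant shows a filtered open that is not reported.

```python
"""Toy source-to-sink dataflow check for a RAPID-like task program (constructed
illustration, not the talk's analyzer). Data from the inbound-communication
source (SocketReceive) is followed through assignments to the sinks the talk
lists: file handling (Open), movement (MoveJ/MoveL/MoveC) and call by name."""
import re

SOURCE_RE = re.compile(r"^SocketReceive\s+\w+\s*\\Str\s*:=\s*(\w+)", re.I)
ASSIGN_RE = re.compile(r"^([\w.]+)\s*:=\s*(.+?);?$")
OPEN_RE = re.compile(r"^Open\s+(.+?)\s*,", re.I)
MOVE_RE = re.compile(r"^(?:MoveJ|MoveL|MoveC)\s+(.+?)\s*,", re.I)
LATEBIND_RE = re.compile(r"^%(.+?)%")
IDENT_RE = re.compile(r"[A-Za-z_]\w*")

# Labels follow the talk's "Detection Results" table.
SINK_CATEGORY = {
    OPEN_RE: "Network -> File Access",
    MOVE_RE: "Network -> Arbitrary Movement",
    LATEBIND_RE: "Network -> Remote Function Exec",
}


def _idents(expr):
    """Identifiers used in expr, ignoring anything inside string literals."""
    return {t.lower() for t in IDENT_RE.findall(re.sub(r'"[^"]*"', '""', expr))}


def analyze(program):
    """Return [(category, source_line, sink_line, sink_statement), ...]."""
    taint = {}  # variable (lower-case) -> line of the SocketReceive it derives from
    findings = []
    for lineno, raw in enumerate(program.splitlines(), start=1):
        stmt = raw.split("!")[0].strip()  # '!' opens a RAPID comment
        if not stmt:
            continue
        if m := SOURCE_RE.match(stmt):
            taint[m.group(1).lower()] = lineno
        elif m := ASSIGN_RE.match(stmt):
            lhs = m.group(1).split(".")[0].lower()  # target.trans.x -> target
            sources = {taint[v] for v in _idents(m.group(2)) if v in taint}
            if sources:
                taint[lhs] = min(sources)
            else:
                taint.pop(lhs, None)  # assignment from constants clears taint
        else:
            for rx, category in SINK_CATEGORY.items():
                if m := rx.match(stmt):
                    tainted = {taint[v] for v in _idents(m.group(1)) if v in taint}
                    for src in sorted(tainted):
                        findings.append((category, src, lineno, stmt))
    return findings


# Constructed vulnerable program modelled on the talk's "web server in RAPID"
# example; RequestToTarget is a hypothetical user routine.
VULNERABLE = r"""MODULE WebServer
  VAR socketdev server_socket;
  VAR socketdev client_socket;
  VAR string request;
  VAR string filename;
  VAR string routine;
  VAR iodev infile;
  VAR robtarget target;
  CONST robtarget home := [[600,0,800],[1,0,0,0],[0,0,0,0],[9E9,9E9,9E9,9E9,9E9,9E9]];
  PROC main()
    SocketAccept server_socket, client_socket;
    SocketReceive client_socket \Str:=request;
    ! Path built from the request: "../" escapes the web root
    filename := "HOME:/www/" + request;
    Open filename, infile \Read;
    ! Routine name taken from the request
    routine := "handle_" + request;
    %routine%;
    ! Target computed from the request by a hypothetical user routine
    target := RequestToTarget(request);
    MoveL target, v1000, fine, tool0;
    ! Reassignment from a constant clears taint, so this move is not reported
    target := home;
    MoveJ target, v1000, fine, tool0;
  ENDPROC
ENDMODULE
"""

# Hardened file access: the request only selects among allow-listed paths.
HARDENED = r"""SocketReceive client_socket \Str:=request;
TEST request
CASE "index.htm":
  filename := "HOME:/www/index.htm";
DEFAULT:
  filename := "HOME:/www/404.htm";
ENDTEST
Open filename, infile \Read;
"""


if __name__ == "__main__":
    for category, src, sink, stmt in analyze(VULNERABLE):
        print(f"{category}: source line {src} -> sink line {sink}: {stmt}")
    print("hardened:", analyze(HARDENED) or "no findings")
```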
Are These Languages Good to Write Malware?
(Same language-feature table as above, with the relevant columns highlighted in turn)
• Exchange files via network
• Load or send data via network
• Jump to code available at runtime
• Scan the network for targets
• Turing-complete language
Conclusions
Manufacturing systems increasingly connected
Industrial-specific classes of attacks
Domain-specific languages vulnerabilities
Cooperative robotics challenges
Conclusions
Stefano Zanero
stefano.zanero@polimi.it
@raistolo
For further details, scientific papers, and more:
http://robosec.org
Questions?
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 

Breaking the Laws of Robotics: Attacking Industrial Robots

  • 1. Breaking the laws of robotics: Attacking industrial robots
    Stefano Zanero, Politecnico di Milano
    Partially based upon work with present and former colleagues and students: D. Quarta, M. Pogliani, M. Polino, F. Maggi, A. Zanchettin, M. Vittone
  • 2. Industrial CPS traits
    ● Originally disconnected systems
    ● Now opening up to the Internet
    ● Security as an afterthought
  • 3. Industrial CPS traits
    ● Production-critical systems
    ● Difficult to update
    ● Long service life and forever days
    ● Not necessarily managed by corp. IT (“IT vs OT”)
  • 4. Industrial CPS traits
    ● Cyber-Physical Systems
    ● Influence the physical environment
    ● Sometimes, critical systems (safety-wise, critical infra)
  • 5. Threat Scenarios
    CIA triad not so important, but:
    ● Safety
      ○ people, environment, equipment
    ● Production continuity
      ○ Production plant halting
      ○ Ransomware (“oh, I could ransom that, too”)
    ● Production outcome alteration
      ○ → safety?
  • 6. Example: additive manufacturing micro-defects
    dr0wned - Cyber-Physical Attack with Additive Manufacturing, Sofia Belikovetsky, Mark Yampolskiy, Jinghui Toh, Yuval Elovici, WOOT ’17
  • 8. (image-only slide)
  • 9. 1) Robots are flexibly programmable...
    (screenshot of teach pendant + formatted code snippet on the side)
  • 10. … and the program doesn’t say it all
  • 11. 2) Robots are extensible & connected
    sources: http://developercenter.robotstudio.com, abb.com, https://universal-robots.com/plus
  • 12. 3) Robots are (sometimes) collaborative
  • 15. Requirements → Robot-Specific Attack
    Requirements: Safety, I/O Accuracy, Integrity
    Robot-specific attack: violating any of these requirements via a digital vector
  • 16. Attack 2: Control Loop or Calibration Tampering
    Requirements: Safety, Accuracy, Integrity
  • 18. Attacks 4+5: Displayed or Actual State Alteration
    Requirements: Safety, Accuracy, Integrity
  • 19. Displayed State Alteration Example
    Teach Pendant + Malicious DLL
  • 21. (image-only slide)
  • 23. Plenty of vulnerabilities
    ● BOF leading to RCE (ABBVU-DMRO-124641)
    ● BOF in FlexPendant (ABBVU-DMRO-124645)
    ● BOF in /command endpoint (ABBVU-DMRO-128238)
    ● Command Injection (ABBVU-DMRO-124642)
    ● Authentication bypass (ABBVU-DMRO-124644)
  • 24. Takeaways
    ● Some memory corruption
    ● Mostly logical vulnerabilities
    ● Unprotected sensitive files (e.g. config)
    ● All the components blindly trust the main computer (lack of isolation)
  • 26. That’s how we implemented the attacks
  • 28. Robots are meant to be connected
  • 29. Connected Robots: Why?
    ● Now: monitoring & maintenance (ISO 10218-2:2011)
    ● Enter the I4.0: active production planning/control
      ○ some vendors expose REST-like APIs
      ○ … up to the use of mobile devices for commands
    ● Future: app/library stores
      ○ “Industrial” version of robotappstore.com?
  • 30. More in general: the “smart factory” ecosystem
  • 31. ICS on the Internet
  • 32. Remote Exposure of Industrial Robots: not so many...
    Search                   Entries   Country
    ABB Robotics             5         DK, SE
    FANUC FTP                9         US, KR, FR, TW
    Yaskawa                  9         CA, JP
    Kawasaki E Controller    4         DE
    Mitsubishi FTP           1         ID
    Overall                  28        10
  • 33. Remote Exposure of Industrial Routers: ...way more!
    Unknown which routers are actually robot-connected
  • 34. Industrial Routers: Typical Issues
    ● Trivially “Fingerprintable” (banners, firmware, manuals)
    ● Outdated Software Components
    ● Insecure Web Interface
    ● Cut & paste
  • 35. Proprietary Languages
    Language       Vendor
    RAPID          ABB
    KRL            KUKA
    MELFA BASIC    Mitsubishi
    AS             Kawasaki
    PDL2           COMAU
    PacScript      DENSO
    URScript       Universal-Robot
    KAREL          FANUC
  • 37. Features: Handle File Resources
    (first two columns, File System and Directory Listing, of the table completed on slide 39)
  • 38. Features: Load new Code at Runtime
    (adds the Load Module From File and Call By Name columns of the table completed on slide 39)
  • 39. Features: Network Communication
    Vendor            File System   Directory Listing   Load Module From File   Call By Name   Communication
    ABB               ✔             ✔                   ✔                       ✔              ✔
    KUKA              ✔ (one of these two columns; alignment lost in extraction)              ✔
    Mitsubishi        ✔ (one of these two columns; alignment lost in extraction)              ✔
    Kawasaki                                                                                  ✔
    COMAU             ✔             Indirect            ✔                       ✔              ✔
    DENSO                                               ✔                       ✔              ✔
    Universal-Robot                                                                           ✔
    FANUC             ✔             ✔                   ✔                       ✔              ✔
  • 40. We Asked Automation Engineers...
    What language features do you use when programming robots?
  • 41. We Found out that…
    ● Developers can introduce vulnerabilities that can be exploited
      ○ Yes, we found vulnerable code published on GitHub
    ● Threat actors can abuse the language features to write malware
      ○ Yes, we were able to write a network-capable, self-spreading malware dropper
  • 42. Example: a vulnerable web server in RAPID
  • 44. Sources and Sinks
    Sensitive sources (attacker-controlled input): File; Inbound communication (e.g., network); Teach Pendant (UI)
    Sensitive sinks (concrete impact): Robot Movement; File Handling (e.g., read); File Modification (e.g., write configuration); Call by Name
  • 45. We built an analyzer for (some) DSL
    Task program’s source code (e.g. ... MoveJ point0 / WaitTime 4 / MoveL point1 / WaitTime 5 ...)
    → Parsing (RAPID parser, KRL parser, ...)
    → CFG Generation
    → ICFG Generation
    → Dataflow Analysis against Insecure Patterns & Malicious Patterns
    → Output: Potential Vulnerabilities, Potentially Abused Features
  • 46. Detection Results
    ● Hard to find public code (it’s intellectual property)
    ● 100 RAPID and KRL files on public repos (e.g., GitHub and GitLab)
    Vulnerability                       Projects   Files   Root Cause
    Network → Remote Function Exec      2          2       Dynamic code loading
    Network → File Access               1          4       Unfiltered open file
    Network → Arbitrary Movement        13         34      Unrestricted Move Joint or Move to point
    Detection Errors                    2          12      Interrupts
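The source-to-sink dataflow check of slides 44 to 46, as an added Python example that is not part of the deck and not the authors' analyzer: a line-by-line taint tracker over a toy RAPID-like routine that reports the "Network → Arbitrary Movement" and "Dynamic code loading" root causes, and stays quiet once a range check sits between the source and the sink. The instruction subset, the sanitizer names ClampToWorkspace and CheckJointRange, and the two sample routines are assumptions constructed for this example.

```python
import re
# Source and sink classes follow the "Sources and Sinks" slide. The RAPID-like
# instruction names are a small subset assumed for this example, and the two
# sanitizer names are hypothetical range-check routines.
SOURCES = {"SocketReceive": "network", "ReadStr": "file", "TPReadNum": "teach pendant"}
SINKS = {"MoveJ": "robot movement", "MoveL": "robot movement", "MoveAbsJ": "robot movement",
         "Open": "file access", "Load": "dynamic code loading", "CallByVar": "call by name"}
SANITIZERS = {"ClampToWorkspace", "CheckJointRange"}
ASSIGN = re.compile(r"^(\w+)\s*:=\s*(.+)$")
IDENT = re.compile(r"[A-Za-z_]\w*")
OPT_ARG = re.compile(r"\\\w+\s*:=\s*(\w+)")      # \Str:=var style output arguments

def analyze(program):
    """Taint propagation over one straight-line routine; returns (line, source, sink, var)."""
    tainted, findings = {}, []                    # variable -> kind of source it carries
    for lineno, raw in enumerate(program.splitlines(), 1):
        stmt = raw.split("!", 1)[0].strip().rstrip(";")   # '!' opens a RAPID comment
        if not stmt:
            continue
        if (m := ASSIGN.match(stmt)):              # lhs := rhs
            lhs, idents = m.group(1), IDENT.findall(m.group(2))
            if any(i in SANITIZERS for i in idents):
                tainted.pop(lhs, None)             # a range check breaks the flow
            elif any(i in SOURCES for i in idents):
                tainted[lhs] = next(SOURCES[i] for i in idents if i in SOURCES)
            elif any(i in tainted for i in idents):
                tainted[lhs] = next(tainted[i] for i in idents if i in tainted)
            else:
                tainted.pop(lhs, None)
            continue
        name, _, args = stmt.partition(" ")
        if name in SOURCES:                        # data lands in \Opt:=var, else in arg 1
            for var in OPT_ARG.findall(args) or IDENT.findall(args)[:1]:
                tainted[var] = SOURCES[name]
        elif name in SINKS:
            for ident in IDENT.findall(args):
                if ident in tainted:
                    findings.append((lineno, tainted[ident], SINKS[name], ident))
                    break
    return findings

# Constructed toy RAPID-like routines: one vulnerable, one with a range check inserted.
VULNERABLE = r"""PROC main()
  SocketReceive client \Str:=cmd;        ! source: inbound network data
  target := StrToVal(cmd);               ! tainted string becomes a position
  MoveAbsJ target, v100, fine, tool0;    ! sink: joint move
ENDPROC"""
HARDENED = VULNERABLE.replace("MoveAbsJ target,",
    "safe := ClampToWorkspace(target);    ! hypothetical range check\n  MoveAbsJ safe,")
```

analyze(VULNERABLE) reports the move on line 4 as fed by network data, while analyze(HARDENED) returns nothing because the clamp clears the taint before the sink.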
  • 47. Are These Languages Good to Write Malware?
    ● Exchange files via network
    (feature table as on slide 39: File System, Directory Listing, Load Module From File, Call By Name, Communication)
  • 48. Are These Languages Good to Write Malware?
    ● Load or send data via network
    ● Jump to code available at runtime
    (feature table as on slide 39, columns File System through Call By Name)
  • 49. Are These Languages Good to Write Malware?
    ● Load or send data via network
    ● Jump to code available at runtime
    ● Scan the network for targets
    (Communication column as on slide 39: ABB, KUKA, Mitsubishi, Kawasaki, COMAU, DENSO, Universal-Robot and FANUC all ✔)
  • 50. Are These Languages Good to Write Malware?
    ● Load or send data via network
    ● Jump to code available at runtime
    ● Scan the network for targets
    ● Turing-complete language
  • 51. (image-only slide)
  • 52. (image-only slide)
  • 54. Conclusions
    ● Manufacturing systems increasingly connected
    ● Industrial-specific classes of attacks
    ● Domain-specific languages vulnerabilities
    ● Cooperative robotics challenges
  • 55. Questions?
    Stefano Zanero, stefano.zanero@polimi.it, @raistolo
    For further details, scientific papers, and more: http://robosec.org