Breaking the Laws of Robotics: Attacking Industrial Robots

Presented at Black Hat USA 2017, July 27, 2017, 11 a.m. (50 minutes).

Industrial robots are complex cyber-physical systems used for manufacturing, and a critical component of any modern factory. These robots aren't just electromechanical devices but include complex embedded controllers, which are often interconnected with other computers in the factory network, safety systems, and to the Internet for remote monitoring and maintenance. In this scenario, industrial routers also play a key role, because they directly expose the robot's controller. Therefore, the impact of a single, simple vulnerability can grant attackers an easy entry point.

Industrial robots must follow three fundamental laws: accurately "read" from the physical world through sensors and "write" (i.e. perform actions) through actuators, refuse to execute self-damaging control logic, and most importantly, echoing Asimov, never harm humans. By combining a set of vulnerabilities we discovered on a real robot, we will demonstrate how remote attackers are able to violate such fundamental laws up to the point where they can alter the manufactured product, physically damage the robot, steal industry secrets, or injure humans.

We will cover in-depth technical aspects (e.g., reverse engineering and vulnerability details, and attack PoCs), alongside a broader discussion on the security posture of industrial routers and robots: Why these devices are attractive for attackers? What could they achieve? Are they hard to compromise? How can their security be improved?


Presenters:

  • Andrea Maria Zanchettin - Assistant Professor, Politecnico di Milano
    Andrea Zanchettin received his MSc in Computer Science Engineering in 2008, and his PhD in Information Technology in 2012, both from Politecnico di Milano. During Spring 2010, he spent a research stay at the Department of Automatic Control (Reglerteknik) at Lund University. From January 2012 until February 2014, he has been a temporary research assistant at the Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB). From March 2014 to September 2016, he has been a fixed-term assistant professor at DEIB, where he is now a tenure-track assistant professor. In September 2014, Andrea Zanchettin has been the recipient of the Young Author Best Paper Award, sponsored by the Italian Chapter of the IEEE Robotics and Automation Society (I-RAS). Andrea Zanchettin has been member of the IEEE Robotics and Automation Society since 2009, and in 2017 he has been elected as Deputy Chair of I-RAS. Andrea Zanchettin has been co-author of around 50 papers on automatic control and intelligent human-robot interaction.
  • Davide Quarta - PhD student, Politecnico di Milano
    Davide Quarta is a PhD student at Politecnico di Milano in Italy, he works under the supervision of Stefano Zanero and Federico Maggi in the NECST Laboratory, inside the Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB). His research interests mainly comprise the security of embedded systems, with a focus on vulnerability discovery. Other research areas of his interest include malware analysis and reverse engineering: he is involved in the Andrototal project, a publicly available service to scan Android applications aggregating results from several mobile antivirus products. His passion for security topics did induce him to also work on different projects as a freelance consultant. He spends his free time tumbling in the gym and playing CTF competitions with Politecnico's team, Tower of Hanoi.
  • Federico Maggi - Senior Threat Researcher, Trend Micro, Inc.
    Federico Maggi is a Senior Threat Researcher with Trend Micro's Forward-Looking Threat Research (FTR) team, an elite team of researchers fighting against cyber criminals and scouting the future of the Internet to predict the future evolutions of cybercrime. His research interests, mainly developed during his MSc and PhD, revolve around various topics under the "cyber security" and "cyber crime" umbrella terms, such as threat analysis and intelligence, malware analysis, mobile security, fraud analysis and detection, web- and social-network security and data visualization. Before joining Trend Micro, Federico was an Assistant Professor at Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB), Politecnico di Milano in Italy. Federico has given several lectures and talks as an invited speaker at international venues and research schools. He also serves in the review or organizing committees of well-known conferences.
  • Marcello Pogliani - PhD student, Politecnico di Milano
    Marcello Pogliani is a PhD student at Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB), Politecnico di Milano in Italy, where he works with the Computer Security group of the NECST laboratory. His research and professional interests revolve around various subtopics of applied computer systems security. Although he is mainly working on the security of cyber physical systems, he is generally interested in broader system-, web- and network- security issues. In his spare time, he enjoys playing and organizing Capture The Flag competitions with Politecnico's team, Tower of Hanoi.
  • Mario Polino - Postdoctoral Researcher, Politecnico di Milano
    Mario Polino recently received his PhD from Politecnico di Milano in Italy, working at NECST laboratory as part of the Computer Security group inside Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB). His main research revolve around malware analysis with a specific attention on behavioral analysis to assist malware analysts. He is interested in various computer security topics, and has worked on several topics ranging from cyber-physical systems to static binary analysis, going through Bank Fraud Analysis and Android Security. He loves playing Capture the Flag competitions, so he spend his free time playing with Politecnico's team, Tower of Hanoi.
  • Stefano Zanero - Associate Professor, Politecnico di Milano
    Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching "Computer Security" and "Computer Forensics" at Politecnico, he has an extensive speaking and training experience in Italy and abroad. He co-authored over 70 scientific papers and books. He is a Senior Member of the IEEE (for which he sits on the MGA board), the IEEE Computer Society (for which he is a member of the Board of Governors), and a lifetime senior member of the ACM. Stefano co-founded the Italian chapter of ISSA (Information System Security Association). He has been named a Fellow of ISSA and sits in its International Board of Directors. Stefano is also a co-founder and chairman of Secure Network, a leading information security consulting firm based in Milan and in London; a co-founder of 18Months, a cloud-based ticketing solutions provider; and a co-founder of BankSealer, a startup in the FinTech sector that addresses fraud detection through machine learning techniques.

Links:

Similar Presentations: