While checking on the security of the robotic arm used in multiple factories, the security researchers discovered several vulnerabilities that might allow access to hackers and provide them with the ability to control the robot arm from a distance.
If hackers start controlling this kind of robots, even the simple jobs of drawing a straight line might end up corrupted, and the line will probably become a weirdly shaped infinity symbol. This might seem like a small problem now, but what would happen if the same corrupted arm needs to wield engine parts? In that case, mistakes like this will cause malfunctions which will not only lead to causing major property damage but will even endanger multiple human lives.
In order to demonstrate the possibility of such an attack, the researchers themselves successfully hacked tie IRB 140 robot arm that was made by a Swedish-Swiss company called ABB. This company is in the business of selling products for the transportation, utility and infrastructure industries, and the security researchers used their model to show how easy it would be to confuse a robot when it comes even to the simplest jobs.
The professor from the Politecnico di Milano, Stefano Zanero, who was in charge of overseeing the research has stated that “The worst case scenario for any robot is a silent modification of the parameters that is not immediately visible. But that can achieve dangerous effects, such as inserting defects in the products, or making the robot harmful to nearby humans or to itself.”
Robots have been replacing humans on jobs connected to the manual labor for years now, and the process is only increasing. This is especially true when it comes to the factory jobs. It’s estimated that by the end of next year, over 1.3 million robots will be working in factories, and this is exactly why they need to be as secure as possible, otherwise, just imagine the damage that 1.3 million robots can make by producing flawed merchandise around the world.
The robot arm used for the demonstrative hack was only one of the models that could have been targeted. Researchers have discovered that exactly 83,673 are vulnerable thanks to the fact that they’ve been using search engines like Shodan, that are exposing them online and can lead them to the unprotected websites. It’s expected that the flaws found in IRB 140 can be found in other models as well.
When asked if the criminals could have used the flaws in the system to access robots and use them to kill people, Zanero said that it depends. Basically, robots are made for working with humans, mostly in close contact, and are therefore created to be as safe as possible. However, that safety is there only because it was built into the software. This means that it could be disabled, and in that case, the possibility turns into high probability.
The detailed technical findings will be presented in the paper on May 22, at the IEEE Symposium on Security and Privacy.