Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.


vmayoral/robot_hacking_manual


Download in PDF | RHM v0.5 | Read online | Robot hacks

The Robot Hacking Manual (RHM) is an introductory series about cybersecurity for robots. It attempts to provide comprehensive case studies and step-by-step tutorials, with the intent to raise awareness in the field and highlight the importance of taking a security-first[1] approach. The material available here is also a personal learning attempt and is disconnected from any particular organization. Content is provided as is, and by no means do I encourage or promote the unauthorized tampering of robotic systems or related technologies.

Cite this work:

@article{mayoral2022robot,
  title={Robot Hacking Manual (RHM)},
  author={Mayoral-Vilches, V{\'\i}ctor},
  journal={arXiv preprint arXiv:2203.04765},
  year={2022}
}

Robot hacks

A non-exhaustive list of cybersecurity research in robotics containing various related robot vulnerabilities and attacks due to cybersecurity issues.

| 👹 Codename/theme | 🤖 Robotics technology affected | 👨‍🔬 Researchers | 📖 Description | 📅 Date |
|---|---|---|---|---|
| Reverse engineering and hacking Ecovacs robots (slides, video, news article) | | Dennis Giese, Braelynn | Vulnerabilities and security risks of Ecovacs smart home robots, highlighting serious flaws such as broken encryption, missing certificate verification, inadequate access control, and unauthorized live camera access. Building on years of experience hacking devices from brands like Roborock and Xiaomi, the presenters dive into the alarming security issues within Ecovacs robots, the market leader in home robotics. The talk covers the difficulties of reporting bugs to the company and warns against relying on third-party certifications. It emphasizes the importance of being cautious with device choices and even personal relationships, due to the potential privacy risks involved. | 24-08-2024 |
| | iRobot’s Roomba J7 series robot vacuum | N/A | Personal pictures in a home environment, taken by an iRobot’s Roomba J7 series robot vacuum, were found on the Internet. The photos vary in type and in sensitivity. The most intimate image we saw was the series of video stills featuring the young woman on the toilet, her face blocked in the lead image but unobscured in the grainy scroll of shots below. In another image, a boy who appears to be eight or nine years old, and whose face is clearly visible, is sprawled on his stomach across a hallway floor. A triangular flop of hair spills across his forehead as he stares, with apparent amusement, at the object recording him from just below eye level. Various other home pictures that tag objects in the environment were found. | 19-19-2022 |
| | Unitree's Go1 | d0tslash (MAVProxyUser in GitHub) | A hacker found a kill switch for a gun–wielding legged robot[2][3][4][5]. The hack itself leverages a kill switch functionality/technology that ships in all units of the robot and that listens for a particular signal at 433MHz. When it hears the signal, the robot shuts down. d0tslash used a portable multi-tool for pentesters (Flipper Zero) to emulate the shutdown, copying the signal the robot dog’s remote broadcasts over the 433MHz frequency. | 09-08-2022 |
| | Enabot's Ebo Air | Modux[6] | Researchers from Modux found a security flaw in the Enabot Ebo Air robot and responsibly disclosed their findings. Attack vectors could lead to remote-controlled robot spy units. The major entry point appears to be a hardcoded system administrator password that is weak and shared across all of these robots. Researchers also found information disclosure issues that could lead attackers to exfiltrate home information (e.g. home WiFi password) that could then be used to pivot into other devices through the local network. | 21-07-2022 |
| Analyzing the Data Distribution Service (DDS) Protocol for Critical Industries[7] | ROS 2, eProsima's Fast-DDS, OCI's OpenDDS, ADLINK's (now ZettaScale's) CycloneDDS, RTI's ConnextDDS, Gurum Networks's GurumDDS and Twin Oaks Computing's CoreDX DDS | Ta-Lun Yen, Federico Maggi, Víctor Mayoral-Vilches, Erik Boasson et al. (various)[7] | This research looked at the OMG Data Distribution Service (DDS) standards and their implementations from a security angle. 12 CVE IDs were discovered 🆘, 1 specification-level vulnerability identified 💻, and 6 DDS implementations were analyzed (3 open source, 3 proprietary). Results hinted that DDS's security mechanisms were not secure and much effort on this side was required to protect sensitive industrial and military systems powered by this communication middleware. The research group detected that these security issues were present in almost 650 different devices exposed on the Internet, across 34 countries and affecting 100 organizations through 89 Internet Service Providers (ISPs). | 19-04-2022 |
| Hacking ROS 2, the Robot Operating System[8] | ROS 2 | Víctor Mayoral-Vilches et al. (various)[8][9] | A team of security researchers led by the Spanish firm Alias Robotics, in line with their robotics focus, discovered various security vulnerabilities that led to compromising the Robot Operating System 2 (ROS 2) through its underlying communication middleware (the DDS communications middleware). Researchers demonstrated how to dissect ROS 2 communications and perform ROS 2 reconnaissance, ROS 2 network denial of service through reflection attacks, and ROS 2 (Node) crashing by exploiting memory overflows which could lead to remote execution of arbitrary code. To mitigate these security vulnerabilities, Alias Robotics contributed to various open source tools, including SROS2[9], with a series of developer tool extensions that help detect some of these insecurities in ROS 2 and DDS. ROS 2 community-owner Open Robotics did not follow up with these results or contributions and disregarded overall its relevance, pushing security responsibility aside[10] | 22-04-2022 |
| JekyllBot:5[11] | Aethon TUG smart robots (various) | Cynerio[11] | JekyllBot:5 is a collection of five critical zero-day vulnerabilities that enable remote control of Aethon TUG smart autonomous mobile robots and their online console, devices that are increasingly used for deliveries in global hospitals. More tech details about security findings at [12]. | 01-04-2022 |
| Robot Teardown, stripping industrial robots for good[13] | Universal Robots' UR3, UR5, UR10, UR3e, UR5e, UR10e and UR16e | Víctor Mayoral-Vilches et al. (various)[14] | This research led by Alias Robotics introduced and advocated for robot teardown as an approach to study robot hardware architectures and fuel security research. Security researchers showed how teardown can help understand the underlying hardware for uncovering security vulnerabilities. The group showed how robot teardown helped uncover more than 100 security flaws with 17 new CVE IDs granted over a period of two years. The group also demonstrated how various robot manufacturers are employing various planned obsolescence practices and how, through teardown, planned obsolescence hardware limitations can be identified and bypassed, obtaining full control of the hardware and giving it back to users, which poses both an opportunity to claim the right to repair as well as a threat to various robot manufacturers’ business models | 20-07-2021 |
| Rogue Automation[13] | (various robotic programming languages/frameworks) ABB's Rapid, Comau's PDL2, Denso's PacScript, Fanuc's Karel, Kawasaki's AS, Kuka's KRL, Mitsubishi's Melfa, and Universal Robots's URScript | Federico Maggi, Marcello Pogliani (various)[13] | This research unveils various hidden risks of industrial automation programming languages and frameworks used in robots from ABB, Comau, Denso, Fanuc, Kawasaki, Kuka, Mitsubishi, and Universal Robots. The security analysis performed here reveals critical flaws across these technologies and their repercussions for smart factories. | 01-08-2020 |
| Securing disinfection robots in times of COVID-19[15][16] | UVD Robots' UVD Robot® Model B, UVD Robot® Model A | Víctor Mayoral-Vilches et al. (Alias Robotics)[15][16] | The robots used in many medical centres to fight against COVID-19 for disinfection tasks were found vulnerable to various previously reported vulnerabilities (see [17]) while using Ultraviolet (UV) light, which can affect humans causing suntan, sunburn or even a reportedly increased risk of skin cancer, among others. The team at Alias Robotics confirmed these issues experimentally and found many of these robots insecure, with many unpatched security flaws and easily accessible in public spaces. This led them to develop mitigations for these outstanding security flaws and to offer free licenses[16] for such patches to hospitals and industry during the pandemic | 19-09-2020 |
| The week of Mobile Industrial Robots' bugs[17] | Mobile Industrial Robots' MiR100, MiR200, MiR250, MiR500, MiR600, MiR1000, MiR1350, Easy Robotics' ER200, Enabled Robotics' ER-FLEX, ER-LITE, ER-ONE, UVD Robots' UVD Robot® Model B, UVD Robot® Model A | Víctor Mayoral-Vilches et al. (Alias Robotics)[18] | Having identified relevant preliminary security issues, after months of failed interactions with Mobile Industrial Robots’ (MiR) robot manufacturer while trying to help secure their robots, with this disclosure, Alias Robotics decided to empower end-users of Mobile Industrial Robots’ with information. The disclosure included a week of hacking efforts that finalized with the public release of 14 cybersecurity vulnerabilities affecting MiR industrial robots and other downstream manufacturers, impacting thousands of robots. More than 10 different robot types were affected, operating across industrial spaces and all the way to public environments, such as airports and hospitals. 11 new CVE IDs were assigned as part of this effort | 24-06-2020 |
| Attacks on Smart Manufacturing Systems[19] | Mitsubishi Melfa V-2AJ | Federico Maggi, Marcello Pogliani (various)[19] | Systematic security analysis exploring a variety of attack vectors on a real smart manufacturing system, assessing the attacks that could be feasibly launched on a complex smart manufacturing system | 01-05-2020 |
| The week of Universal Robots' bugs[18] | Universal Robots' UR3, UR5, UR10, UR3e, UR5e, UR10e and UR16e | Víctor Mayoral-Vilches et al. (Alias Robotics)[18] | For years Universal Robots neither cared about nor responded to cybersecurity issues with their products. Motivated by this attitude, Alias Robotics' team launched an initiative to empower Universal Robots' end-users, distributors and system integrators with the information they so much require to make use of this technology securely. This effort was called the week of Universal Robots' bugs and, in total, more than 80 security issues were reported in the robots of Universal Robots | 31-03-2020 |
| Akerbeltz: Industrial robot ransomware[20] | Universal Robots' UR3, UR5, UR10 | Víctor Mayoral-Vilches et al. (Alias Robotics)[20] | In an attempt to raise awareness and illustrate the ”insecurity by design in robotics”, the team at Alias Robotics created Akerbeltz, the first known instance of industrial robot ransomware. The malware was demonstrated using the UR3 robot from a leading brand for industrial collaborative robots, Universal Robots. The team of researchers discussed the general flow of the attack including the initial cyber-intrusion, lateral movement and later control phase | 16-12-2019 |
| Rogue Robots[21] | ABB’s IRB140 | Federico Maggi, Davide Quarta et al. (various)[21] | Explored, theoretically and experimentally, the challenges and impacts of the security of modern industrial robots. Researchers also simulated an entire attack algorithm from an entry point to infiltration and compromise to demonstrate how an attacker would make use of existing vulnerabilities in order to perform various attacks. | 01-05-2017 |
| Hacking Robots Before Skynet[22] | SoftBank Robotics's NAO and Pepper, UBTECH Robotics' Alpha 1S and Alpha 2, ROBOTIS' OP2 and THORMANG3, Universal Robots' UR3, UR5, UR10, Rethink Robotics' Baxter and Sawyer and several robots from Asratec Corp | Lucas Apa and César Cerrudo (IOActive)[22] | Discovered critical cybersecurity issues in several robots from multiple vendors which hinted about the lack of security concern and awareness in robotics. | 30-01-2017 |
| Robot Operating System (ROS): Safe & Insecure[23] | ROS | Lubomir Stroetmann (softSCheck)[23] | This is one of the earliest studies touching on ROS and offers security insights and examples about the lack of security considerations in ROS and the wide attack surface exposed by it. The author hints that with ROS, protection mechanism depends on the (security) expertise of the user, which is not a good assumption in the yet security-immature robotics community. Moreover, the author hints about various vulnerabilities that are easily exploitable due to the XMLRPC adoption within the ROS message-passing infrastructure, including various XML bomb attacks (e.g. "billion laughs") | 28-02-2014 |

Footnotes

  1. Read on what a security-first approach is in here.

  2. Hacker detects a kill switch to take down the gun-toting robot dog https://interestingengineering.com/innovation/gun-toting-robot-dog-kill-switch

  3. Hacker Finds Kill Switch for Submachine Gun–Wielding Robot Dog https://www.vice.com/en/article/akeexk/hacker-finds-kill-switch-for-submachine-gun-wielding-robot-dog

  4. HangZhou Yushu Technology (Unitree) go1 development notes https://github.com/MAVProxyUser/YushuTechUnitreeGo1#pdb-emergency-shut-off-backdoor-no-way-to-disable

  5. Russia's new 'robot dog war machine' is just Chinese household 'toy' with gun taped on https://www.dailystar.co.uk/news/world-news/russias-new-robot-dog-war-27765427

  6. Serious security issues uncovered with the Enabot Smart Robot https://www.modux.co.uk/post/serious-security-issues-uncovered-with-the-enabot-smart-robot. Flaws in Enabot Ebo Air Home Security Robot Allowed Attackers to Spy on Users https://www.hackread.com/enabot-ebo-air-home-security-robot-flaws-spy-on-users/. Enabot Ebo Air smart robot hacking flaw found, and fixed https://www.which.co.uk/news/article/enabot-ebo-air-smart-robot-hacking-flaw-found-and-fixed-aJCkd2I4cxPs

  7. Analyzing the Data Distribution Service (DDS) Protocol for Critical Industries https://documents.trendmicro.com/assets/white_papers/wp-a-security-analysis-of-the-data-distribution-service-dds-protocol.pdf

  8. Case study, hacking the Robot Operating System (ROS) 2 https://github.com/vmayoral/robot_hacking_manual/tree/master/1_case_studies/2_ros2. See https://news.aliasrobotics.com/alias-robotics-dds-ros2-vulnerabilities/ and https://www.prnewswire.com/news-releases/alias-robotics-discovers-numerous-and-dangerous-vulnerabilities-in-the-robot-operating-systems-ros-communications-that-can-have-devastating-consequences-301513741.html for public announcements. See https://www.robotics247.com/article/alias_robotics_claims_to_find_security_flaws_in_ros_2_open_robotics_responds for some public discussions

  9. SROS2: Usable Cyber Security Tools for ROS 2 https://aliasrobotics.com/files/SROS2.pdf

  10. Alias Robotics Claims to Find Security Flaws in ROS 2; Open Robotics Responds https://www.robotics247.com/article/alias_robotics_claims_to_find_security_flaws_in_ros_2_open_robotics_responds

  11. JekyllBot:5 https://www.cynerio.com/jekyllbot-5-vulnerability-disclosure-report

  12. JekyllBot:5 allows attackers who exploit these vulnerabilities to: a) See real-time footage of a hospital through the robots’ cameras, b) Take videos and pictures of vulnerable patients and hospital interiors, c) Interfere with critical or time-sensitive patient care and operations by shutting down or obstructing hospital elevators and door locking systems, d) Access patient medical records in violation of HIPAA and other international regulations regarding the protection of personal health information, e) Take control of the robots’ movement and crash them into people and objects, or use them to harass patients and staff, f) Disrupt the regular maintenance tasks regularly performed by the robots, including house keeping, cleaning, and delivery errands, g) Disrupt or block robot delivery of critical patient medication, or steal it outright, with potentially damaging or fatal patient outcomes as a result, h) Hijack legitimate administrative user sessions in the robots’ online portal and inject malware through their browser to perpetrate further cyberattacks on IT and security team members at healthcare facilities.

  13. Rogue Automation: Vulnerable and Malicious Code in Industrial Programming https://robosec.org/downloads/wp-rogue-automation-vulnerable-and-malicious-code-in-industrial-programming.pdf

  14. Robot teardown, stripping industrial robots for good https://aliasrobotics.com/files/robot_teardown_paper.pdf

  15. Securing disinfection robots in times of COVID-19 https://news.aliasrobotics.com/securing-uvdrobots/

  16. Insecure robots during COVID-19 https://www.youtube.com/watch?v=1lNNYpSP8Dg (see https://www.youtube.com/watch?v=QFubEoWm7bA for a version in Spanish)

  17. The week of Mobile Industrial Robots' bugs https://news.aliasrobotics.com/the-week-of-mobile-industrial-robots-bugs/

  18. The week of Universal Robots' bugs https://news.aliasrobotics.com/week-of-universal-robots-bugs-exposing-insecurity/

  19. Attacks on Smart Manufacturing Systems A Forward-looking Security Analysis https://robosec.org/downloads/wp-attacks-on-smart-manufacturing-systems.pdf

  20. Industrial robot ransomware: Akerbeltz https://arxiv.org/pdf/1912.07714.pdf

  21. Rogue Robots: Testing the Limits of an Industrial Robot’s Security https://www.blackhat.com/docs/us-17/thursday/us-17-Quarta-Breaking-The-Laws-Of-Robotics-Attacking-Industrial-Robots-wp.pdf

  22. Hacking Robots Before Skynet https://ioactive.com/pdfs/Hacking-Robots-Before-Skynet.pdf

  23. Robot Operating System (ROS): Safe & Insecure, Security Investigation of the Robot OS (ROS) https://www.researchgate.net/profile/Hartmut-Pohl/publication/263369999_Robot_Operating_System_ROS_Safe_Insecure/links/57fdf86108ae727563ffd5a6/Robot-Operating-System-ROS-Safe-Insecure.pdf

