The ethical hackers at Alias Robotics have published a paper describing how easy it is to create and deploy industrial robot ransomware on the Universal Robots UR3, the top-selling collaborative robot worldwide.
“Too many robot manufacturers benefit from security by obscurity nowadays. Many hold an irresponsible position with regard to cybersecurity, claiming that their ‘robots are open to facilitate system integration’ and avoid including security features that protect robot users and operators,” explains Víctor Mayoral-Vilches, CTO at Alias Robotics.
In a call to foster awareness and mature security practices in the industry, researchers at Alias Robotics have created the first robot ransomware (a type of malware that demands an economic ransom). The ransomware, the first of its kind, was named after Akerbeltz, a Basque mythological entity that acted as a protector of animals. That protective role is particular to collaborative robots, which are created to collaborate closely and safely with the human operators around them.
The Akerbeltz ransomware exploits several vulnerabilities to break into the robot, takes control of it, and encrypts and locks the system completely, demanding bitcoin to unlock it. The researchers will not be releasing the source code of the malware; instead, they are calling for action and warn that “attacks like Akerbeltz are to be foreseen” if adequate measures are not taken.
“Robot manufacturers are playing fools and are negligently putting robot users at risk with their attitude. End users are used to taking security-by-design for granted, and this is clearly not the case. We call again for security researchers to adopt a disclosure policy that is forcing manufacturers to react before it is too late. We believe that robot end users need to take the lead and start questioning the cyber risks associated with these kinds of industrial robots,” said Endika Gil-Uriarte, Chief Scientific Officer at Alias Robotics.
Alias Robotics - https://aliasrobotics.com