Open-source tool scans for hackable robots on the net: Page 2 of 3

January 21, 2019 // By Julien Happich
In the hope of making robot manufacturers and users react promptly to secure their installations, robot cybersecurity startup Alias Robotics has released the code for a robot scanning tool, able to track any internet-connected robots powered by ROS, SROS and other robot technologies.

Among European countries with a larger number of connected routers, France stands out for its proportion of misconfigured devices: of a total of 416 devices, 261 (63%) exposed default credentials, according to the study. Spain follows, with 54% of the studied industrial routers configured with default credentials. North American countries showed the highest number of industrial routers detected, with poor security settings in 36% of US routers and 41% of Canadian routers.

Scan results for ROS systems by country.

The Alias Robotics team performed two different scans of the whole internet address space, searching for open ROS Masters on port 11311. Then, aztarna was used to verify that the hosts actually corresponded to machines running ROS. A striking 106 ROS systems were detected, most of them in the US (52) and Korea (16). Some of the ROS instances found corresponded to empty systems or simulations, but a considerable proportion of real robots were identified, including an array of research-oriented machines as well as a series of robots in industrial environments.
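The triage step described above, separating empty systems and simulations from real robots, can be sketched for an operator auditing replies captured from their own hosts. This is an added example, not aztarna's code: the reply layout follows the ROS Master `getSystemState` XML-RPC call, while the sample replies, the addresses and the two heuristics (only `/rosout` means empty, a `/gazebo` node means simulation) are assumptions made here.

```python
import xmlrpc.client

def reply_xml(state):
    """Build a constructed getSystemState reply: [code, statusMessage, systemState]."""
    return xmlrpc.client.dumps(((1, "current system state", state),), methodresponse=True)

# Constructed samples. systemState = [publishers, subscribers, services],
# each a list of [name, [node, ...]] pairs.
BARE_ROSCORE = reply_xml([
    [["/rosout_agg", ["/rosout"]]],
    [["/rosout", ["/rosout"]]],
    [["/rosout/get_loggers", ["/rosout"]], ["/rosout/set_logger_level", ["/rosout"]]],
])
SIMULATION = reply_xml([
    [["/clock", ["/gazebo"]], ["/rosout_agg", ["/rosout"]]],
    [["/rosout", ["/rosout"]]],
    [["/gazebo/reset_world", ["/gazebo"]]],
])
REAL_ROBOT = reply_xml([
    [["/scan", ["/lidar_driver"]], ["/rosout_agg", ["/rosout"]]],
    [["/cmd_vel", ["/base_driver"]], ["/rosout", ["/rosout"]]],
    [],
])
NOT_ROS = "<html><body>router login</body></html>"  # something else on port 11311

def classify(raw):
    """Return 'not-ros', 'empty', 'simulation' or 'live' for one reply body."""
    # xmlrpc.client is not hardened against malicious XML: parse bodies from
    # hosts you do not control only inside a sandbox.
    try:
        (reply,), _method = xmlrpc.client.loads(raw)
        code, _status, (pubs, subs, srvs) = reply
        nodes = {n for section in (pubs, subs, srvs) for _name, users in section for n in users}
    except Exception:  # not XML, an XML-RPC fault, or the wrong shape
        return "not-ros"
    if code != 1:  # 1 is the ROS Master API's success code
        return "not-ros"
    nodes.discard("/rosout")  # roscore's own logger node is always present
    if not nodes:
        return "empty"        # assumption: nothing but roscore is running
    if any(n.startswith("/gazebo") for n in nodes):
        return "simulation"   # assumption: a Gazebo node marks a simulator
    return "live"

def triage(replies):
    """Map each host in an inventory of captured replies to its class."""
    return {host: classify(body) for host, body in replies.items()}
```

Any host that comes back as `live` is a ROS Master answering unauthenticated graph queries and should be moved behind a VPN or firewall rule rather than left reachable on 11311.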

As potential targets for cyberattacks, robots “need to be secured as soon as possible”, the authors warn, adding that so far manufacturers are not responding, although end users are becoming aware of the problem.

Last summer, the University of Brown published research on robot visibility on the internet. Scanning the internet, they found over 100 ROS-running internet-connected robots that were potential targets for cybercrime and mischief. This massive security issue drew wide international attention. Six months later, researchers from the robot cybersecurity startup Alias Robotics found no changes: hundreds of robots are still openly connected to the internet and potentially hackable.

Moreover, Alias Robotics’ offensive team has extended the scan to other robots not running ROS. “Our aim was to improve, systematize and extend the results of previous studies. We target not only robots powered by the Robot Operating System (ROS), but also other setups (SROS, ROS 2.0) and technologies. Beyond robotics frameworks, our work also targets other robots that do not necessarily employ these popular middlewares”, says David Mayoral, CEO of Alias Robotics.

