Regarding European countries with a larger number of connected routers, France stands out in the proportion of misconfigured devices, reported to display a total of 416 devices, 261 of them (63%) exposing default credentials, according to the study. Spain follows with 54% of the studied industrial routers being configured with default credentials. North American countries showed the highest amount of industrial routers detected, with poor security settings in 36% in the US and 41% in Canadian routers.
The Alias Robotics team performed two different scans through the whole internet address space searching for open ROS Master in the 11311 port. Then, aztarna was used to verify that the hosts actually corresponded to machines running ROS. A striking amount of 106 ROS Systems were detected, most of them in the US (52) and Korea (16). Some of the ROS instances found corresponded to empty systems or simulations, but a considerable proportion of real robots were identified. Including an array of research oriented machines, but also a series of robots in industrial environments.
As potential targets for cyberattacks, robots “need to be secured as soon as possible” alert the authors, adding that so far manufacturers are not responding, although end users are becoming aware of the problem.
Last summer, the University of Brown published a research on robot visibility on the internet. Scanning the internet, they found over 100 ROS-running internet-connected robots that were potential targets for cybercrime and mischief. This massive security issue got big international echo. Six months later, researchers from the robot cybersecurity startup Alias Robotics found no changes: hundreds of robots are still openly connected to the internet and potentially hackable.
Moreover, Alias Robotics’ offensive team has extended the scan to other robots not running ROS. “Our aim was to improve, systematize and extend the results of previous studies. We target not only robots powered by the Robot Operating System (ROS), but also other setups (SROS, ROS 2.0) and technologies. Beyond robotics frameworks, our work also targets other robots that do not necessarily employ these popular middlewares”, says David Mayoral, CEO of Alias Robotics.