Could your industrial robots "go rogue"?

Could the robots working in your factory or distribution center "go rogue"? A research report from the cybersecurity company Trend Micro and Politecnico di Milano, the largest technical university in Italy, says that it is a distinct possibility.

Although "Rogue Robots: Testing the Limits of an Industrial Robot's Security" might sound like some piece of science fiction about robots rebelling and trying to conquer the world, it addresses a far more mundane, yet still sinister, threat: hackers taking control of industrial machines in order to harm companies, products, and possibly people.

The researchers conducted a series of tests in a laboratory setting, which found that industrial robots are vulnerable to cyberattacks because they are often running outdated software and have weak authentication systems. Additionally, many industrial devices reside on public Internet Protocol (IP) addresses, which increases the risk that a hacker could access them. IP addresses are numeric addresses given to computers that are connected to the Internet.

The paper identifies five potential kinds of attacks:

1) The hacker alters a robot's control system so that it moves unexpectedly or inaccurately. This could result in defective or modified products.

2) The hacker tampers with a robot's calibration to make it move unexpectedly or inaccurately at the attacker's will. This also could result in defective or modified products.

3) The hacker manipulates a robot's production logic to introduce defects into the work piece.

4) The hacker manipulates a robot's status information so the operator is not aware of the machine's true status. This could result in operator injuries if, for example, the operator believes that the robot has been turned off and is safe to approach.

5) The hacker manipulates a robot directly so the operator loses control and possibly gets injured.

Such attacks could pose a wide variety of risks for manufacturers. Trend Micro has created a video showing an example of a cyberattack and explaining the implications. The video (below) shows how a hacker could cause a robot to introduce a small, imperceptible defect that could cause the product to malfunction. This could lead to expensive returns and a reputation-damaging recall process. Hackers could also ask for a ransom to reveal which product lots have been damaged.

A hacked robot could also damage itself, other parts of a production line, or even workers. Malfunctioning robots could also create production bottlenecks. Furthermore, cybercriminals could hack into robots to gain access to sensitive information or company secrets, such as source code or information about production schedules and volumes.

To guard against the risk of such threats, the report's authors suggest, companies should be sure to perform all available software updates. Oftentimes, they note, factories will skip these updates rather than lose production time while the robots are taken offline. Companies can also work with robot vendors to identify potential threats and improve security, the authors write.