Researchers at the Polytechnic University of Milan and cybersecurity firm Trend Micro have analyzed some of the most popular industrial programming languages and showed how they can open the door to attacks against robots and other programmable manufacturing machines. They have developed a worm to demonstrate the severity of their findings.
The researchers analyzed programming languages from ABB, Comau, Denso, Fanuc, Kawasaki, Kuka, Mitsubishi, and Universal Robots, which can be used to create custom applications that enable industrial robots to carry out complex automation routines.
The experts looked at 100 open source automation programs developed with these languages and discovered vulnerabilities in many of them, including flaws that could allow a hacker to control or disrupt a robot. They pointed out that while some of the code they analyzed may not be used in production, some of it originated from technical materials that are likely to be used by beginner programmers, and it’s not uncommon for open source code to make its way into final products.
A majority of the studied programming languages have been around for a long time and migrating to a different technology would be a difficult and expensive task for many organizations.
One of the vulnerabilities found by the researchers affected a web server created in ABB’s Rapid language. An attacker with access to the network hosting the targeted robot controller could have exploited the security hole to obtain sensitive information, including intellectual property, without authentication. ABB removed the vulnerable app from its RobotStudio store after being alerted.
In another example shared by Trend Micro, an open source app written for Kuka robots was affected by a vulnerability that could have been exploited to spoof network packets and control the robot’s moveme ..
Support the originator by clicking the read the rest link below.
