Collaborative robots, or cobots, count on Internet of Things (IoT) devices, telemetry data, software programming, and remote control for operation, productivity, and safety. These systems and devices present unique opportunities for attack.
Cyberattacks use IoT and Industrial IoT (IIoT) device vulnerabilities to gain unauthorized access to cobots. "IoT and IIoT devices connect to cobots via TCP/IP Ethernet to communicate inputs and instructions and to gain data," says Jim McKenney, practice director, Industrials & Operational Technologies at NCC Group, a cyberthreat management company.
According to McKenney, IoT devices collect a range of data from cobots, including performance metrics such as speed, accuracy, and energy consumption. The devices and data are vulnerable if someone has improperly configured those or if the security is weak, he says.
Vulnerable devices enable hacker reconnaissance of cobot systems. "Cybercriminals can collect information about the cobot's configuration, operating system, or communication protocols to develop customized malware," says Yair Attar, co-founder and CTO of OTORIO, an Operational Technology (OT) environment monitoring provider.
Malware inserts backdoors in systems, providing criminal hackers with remote access. Cybercriminals use command and control servers and bots to orchestrate automated attacks, leveraging and increasing access across networks and devices. Cobots are connected devices, a form of IIoT. The basic principles of attack on them do not differ from any other network-based attack.
In fact, cobots are not necessarily the primary targets in these attacks. "Malware can spread laterally to devices on the network, causing wide, detrimental effects," says Francis Dinha, co-founder and CEO of OpenVPN, Inc., a private networking and cybersecurity company with clients in IoT.
Attackers can use cobots' SSH connections for remote access to change uncompiled scripted code or gcode files to reconfigure the cobot to perform all the wrong motions, explains Michael Nizich, director of the Entrepreneurship & Technology Innovation Center and Cyber Defense Education at New York Institute of Technology.
"Advanced SSH connection support provides an outside user full access to the robot's operating system and controls and the software and scripts on the system that control the cobot's behaviors," says Nizich.
Unfortunately, it is often trivial for criminal hackers to learn these connection options and find cobots to attack. "Many times, vendors publicly advertise the features of software and hardware systems to make them more attractive from a sales perspective. Users discuss the intricate details of the system's functionality on blogs and vlogs as they attempt to troubleshoot issues with the help of other system users," explains Nizich.
Criminal hackers with remote admin credentials can run custom software in a background service to launch a cobot attack on a particular date and time, says Nizich. "That's why you see attacks reported to have occurred on all machines at 9:01 a.m. on a certain date," says Nizich. The software also could record packets from the cobots to prepare for the final attack, he says.
According to Jon Clay, vice president of threat intelligence at Trend Micro, a cloud and endpoint security provider, cybercriminals can launch Man-in-the-Middle (MitM) attacks, inserting themselves between the cobot and the system running it. MitM attacks enable the hackers to collect industrial intelligence from communications between the cobots and their connected resources, such as extraneous networks, databases, and control systems.
According to Clay, criminal hackers can use the data they collect in MitM attacks to identify what they can use in future attacks.
According to Dinha, "if a cobot is collecting data to send to a database, a MitM attack could collect the data and even change it without either side registering the intrusion."
Cobot attacks are happening. According to Attar, "There have been several reported cyberattacks on cobots, but details of the specific attacks are often not made public."
Today's attacks are primarily to prepare for future attacks. "My main fear is these actors could have dropped some backdoors for future access," says Clay.
"The costs and aftermath of cobot attacks can vary widely depending on the extent of the damage, the time to recover, and the business impact," says Attar.
"For example, a single cyber incident can cause financial losses, production delays, reputational damage, and legal liabilities. The costs can range from a few thousand dollars to millions, depending on the size and complexity of the organization and the attack's severity. The aftermath can also include regulatory compliance, insurance claims, and investment in cybersecurity measures to prevent future incidents," says Attar.
David Geer is a journalist who focuses on issues related to cybersecurity. He writes from Cleveland, OH, USA.