Home General

Discussion

Left ArrowBack to discussions page
Robo09Robo09 Posts: 4 Apprentice
Can anyone from Universal Robot confirm whether or not the security vulnerabilities uncovered by iOActive ( unpatched 3.4.2.65, May 2017) have been addressed in subsequent versions of Polyscope?

https://ioactive.com/exploiting-industrial-collaborative-robots/

Comments

  • David_GariepyDavid_Gariepy Beta Tester Beetle, Wrist Camera URCap 1.3.0, Vacuum Beta tester Posts: 183 Handy
    @JacobBom can you confirm?
    David Gariépy
    Integration Coach
  • JacobBomJacobBom Posts: 9 Handy
    Universal Robots have implemented numerous security patches to the robot OS and PolyScope, since this report was published. 
    However we are also proud to have a fairly open architecture, that allows system integrators and UR+ Partners to easily develop and integrate the solutions they need. 

    The report is based on that the hacker has direct Ethernet access to the robot. 
    And the easiest way to mitigate that risk is simply to a) cut the Ethernet cable, if not needed, b) run the robot solely on a factory LAN network (which we see implemented in most cases), or c) use a sufficiently secure gateway for access to the WWW. 
    In that way, we generally experience and urge that network security measures are implemented between the factory LAN (where robots, PLC's, vision systems etc. can interact) and the WAN network. 
  • aliasroboticsaliasrobotics Posts: 1 Recruit
    Back in 2019, Alias Robotics reported to Universal Robots that we had found a significant amount of vulnerabilities in their UR3, UR5 and UR10 robots, across different versions of their firmware which were of relevant severity and required immediate attention. As today, Universal Robots has not take any actions and therefore show that they do not care about security, Alias Robotics is launching an initiative to empower end-users, distributors and system integrators of Universal Robots' technology with the information they so much require to make use of this technology securely. We are announcing the week of Universal Robots bugs.

    Stay tuned and feel free to make contributions. 
    https://news.aliasrobotics.com/week-of-universal-robots-bugs-exposing-insecurity/
  • cobottiukkocobottiukko Posts: 7 Apprentice
    Back in 2019, Alias Robotics reported to Universal Robots that we had found a significant amount of vulnerabilities in their UR3, UR5 and UR10 robots, across different versions of their firmware which were of relevant severity and required immediate attention. As today, Universal Robots has not take any actions and therefore show that they do not care about security, Alias Robotics is launching an initiative to empower end-users, distributors and system integrators of Universal Robots' technology with the information they so much require to make use of this technology securely. We are announcing the week of Universal Robots bugs.

    Stay tuned and feel free to make contributions. 
    https://news.aliasrobotics.com/week-of-universal-robots-bugs-exposing-insecurity/
    I am not quite sure if I understood the point. As of UR distributor I would like to ask how the hackers get into our robots operating systems which all are locally used in the factories? Do the hackers have to broke into factory to attach Ethernet cable to robot or how this works? Obviously, I am not that good with the computer stuff.

    Thanks!
Sign In or Register to comment.
Left ArrowBack to discussions page