Robo09 Posts: 4 Apprentice
Can anyone from Universal Robots confirm whether or not the security vulnerabilities uncovered by IOActive (unpatched 3.4.2.65, May 2017) have been addressed in subsequent versions of PolyScope?

https://ioactive.com/exploiting-industrial-collaborative-robots/

Comments

  • David_Gariepy Beta Tester Beetle, Wrist Camera URCap 1.3.0, Vacuum Beta tester Posts: 186 Handy
    @JacobBom can you confirm?
    David Gariépy
    Integration Coach
  • JacobBom Posts: 11 Handy
    Universal Robots have implemented numerous security patches to the robot OS and PolyScope since this report was published.
    However, we are also proud to have a fairly open architecture that allows system integrators and UR+ Partners to easily develop and integrate the solutions they need.

    The report is based on the hacker having direct Ethernet access to the robot.
    And the easiest way to mitigate that risk is simply to a) cut the Ethernet cable, if not needed, b) run the robot solely on a factory LAN network (which we see implemented in most cases), or c) use a sufficiently secure gateway for access to the WWW.
    In that way, we generally experience and urge that network security measures are implemented between the factory LAN (where robots, PLCs, vision systems etc. can interact) and the WAN network.
  • aliasrobotics Posts: 7 Recruit
    Back in 2019, Alias Robotics reported to Universal Robots that we had found a significant amount of vulnerabilities in their UR3, UR5 and UR10 robots, across different versions of their firmware, which were of relevant severity and required immediate attention. As today, Universal Robots has not taken any actions and therefore shows that they do not care about security, Alias Robotics is launching an initiative to empower end-users, distributors and system integrators of Universal Robots' technology with the information they so much require to make use of this technology securely. We are announcing the week of Universal Robots bugs.

    Stay tuned and feel free to make contributions. 
    https://news.aliasrobotics.com/week-of-universal-robots-bugs-exposing-insecurity/
  • cobottiukko Posts: 11 Apprentice
    > Back in 2019, Alias Robotics reported to Universal Robots that we had found a significant amount of vulnerabilities in their UR3, UR5 and UR10 robots, across different versions of their firmware, which were of relevant severity and required immediate attention. As today, Universal Robots has not taken any actions and therefore shows that they do not care about security, Alias Robotics is launching an initiative to empower end-users, distributors and system integrators of Universal Robots' technology with the information they so much require to make use of this technology securely. We are announcing the week of Universal Robots bugs.
    >
    > Stay tuned and feel free to make contributions.
    > https://news.aliasrobotics.com/week-of-universal-robots-bugs-exposing-insecurity/

    I am not quite sure if I understood the point. As a UR distributor I would like to ask how the hackers get into our robots' operating systems, which are all used locally in the factories? Do the hackers have to break into the factory to attach an Ethernet cable to the robot, or how does this work? Obviously, I am not that good with the computer stuff.

    Thanks!
  • JacobBom Posts: 11 Handy
    JacobBom said:
    > The report is based on the hacker having direct Ethernet access to the robot.
    > And the easiest way to mitigate that risk is simply to a) cut the Ethernet cable, if not needed, b) run the robot solely on a factory LAN network (which we see implemented in most cases), or c) use a sufficiently secure gateway for access to the WWW.
    > In that way, we generally experience and urge that network security measures are implemented between the factory LAN (where robots, PLCs, vision systems etc. can interact) and the WAN network.

    By "direct Ethernet access" above I am referring to physical access to plug in an Ethernet cable.
    The robot system is generally designed to be on a network of trusted devices (cameras, PLCs, Modbus I/Os, etc.).
    This openness allows for easier integration of the broad spectrum of applications seen developed by our channel and UR+ partners.

    If the robot is placed on an open network with inbound access from the whole Internet, and there is no firewall in place at all, the robot will be accessible to the external world, just like any PC or other equipment on that network would be. I have never seen this being the case for factory automation equipment. Normally, factories apply appropriate networking rules and restrict network access with firewalls, or keep networks local.

    If you only connect the robot to a local network with other trusted automation devices, or there is a separate secure firewall in place (like you would expect from factory networks), you will need physical access to the robot as you suggest. With physical access you could harm the robot, either with a hammer, by stealing the flash disk or by other means.
  • aliasrobotics Posts: 7 Recruit
    @cobottiukko the point is that these robots are fully vulnerable and no security (not even basic good practices) has been enabled, exposing you and your clients to all sorts of hazards and liabilities (refer to the recent discussion during the European Robotics Forum (https://news.aliasrobotics.com/cs4r-robot-cybersecurity-workshop/) where several experts shared cases where the liabilities, depending on the circumstances, might reach the system integrator. See https://news.aliasrobotics.com/cs4r-robot-cybersecurity-workshop/). Universal Robots pushes security to the user. That's their claim. Without arguing on this (and what's my opinion on it after having built 10+ different robot platforms, including manipulators), let me actually dive a bit more into your questions:

    > As a UR distributor I would like to ask how the hackers get into our robots' operating systems, which are all used locally in the factories?

    There're tons of attack vectors on industrial factories. I encourage you to subscribe to several (many!) of the industrial security advisories to get some intuition on the vulnerabilities being reported. Industrial networks are generally interconnected. Robots are connected devices. IT and OT networks, though segmented (most often incorrectly, as many attacks have demonstrated), often present paths for an attacker to get access to networks adjacent to the robot. If that happens, given the lack of security of Universal Robots robots, your solutions are fully compromised.

    Security is a process. You as a system integrator (and I presume) solution provider should constantly be informed of new threats, mitigate them and inform your clients.

    > Do the hackers have to break into the factory to attach an Ethernet cable to the robot, or how does this work? Obviously, I am not that good with the computer stuff.

    Interesting that you react that way. Well, I'm sure you'll then enjoy our speech during ROS-Industrial Conference last year (https://news.aliasrobotics.com/alias-robotics-talks-security-at/) where we disclosed some of the results from a survey in robot cybersecurity. The second and third actors causing security issues are "workers" that intentionally or unintentionally impact the robot network. Moreover, as advised above, most industrial networks present physical interconnections (note the physical word in here, regardless of the segmentation which might be vulnerable).

    Summarizing:

    • Currently, your only way to use (e.g.) a UR3 safe from a networking security perspective is by simply NOT connecting it to anything. Nothing. Note moreover that this only applies to "networking security"; from a "systems security" perspective, the robot is still fully vulnerable. See aliasrobotics/RVD#1443 for an exemplary vulnerability.
    • I encourage everyone to consider hardening these robots and applying security patches. We offer such a solution at https://aliasrobotics.com/ris.php.

  • vmayoral Posts: 0 Recruit

    @cobottiukko the point is that these robots are fully vulnerable and no security (not even basic good practices) has been enabled, exposing you and your clients to all sorts of hazards and liabilities (refer to the recent discussion during the European Robotics Forum (https://news.aliasrobotics.com/cs4r-robot-cybersecurity-workshop/) where several experts shared cases where the liabilities, depending on the circumstances, might reach the system integrator. See https://news.aliasrobotics.com/cs4r-robot-cybersecurity-workshop/). Universal Robots pushes security to the user. That's their claim. Without arguing on this (and what's my opinion on it after having built 10+ different robot platforms, including manipulators), let me actually dive a bit more into your questions:

    > As a UR distributor I would like to ask how the hackers get into our robots' operating systems, which are all used locally in the factories?

    There're tons of attack vectors on industrial factories. I encourage you to subscribe to several (many!) of the industrial security advisories to get some intuition on the vulnerabilities being reported. Industrial networks are generally interconnected. Robots are connected devices. IT and OT networks, though segmented (most often incorrectly, as many attacks have demonstrated), often present paths for an attacker to get access to networks adjacent to the robot. If that happens, given the lack of security of Universal Robots robots, your solutions are fully compromised.

    Security is a process. You as a system integrator (and I presume) solution provider should constantly be informed of new threats, mitigate them and inform your clients.

    > Do the hackers have to break into the factory to attach an Ethernet cable to the robot, or how does this work? Obviously, I am not that good with the computer stuff.

    Interesting that you react that way. Well, I'm sure you'll then enjoy our speech during ROS-Industrial Conference last year (https://news.aliasrobotics.com/alias-robotics-talks-security-at/) where we disclosed some of the results from a survey in robot cybersecurity. The second and third actors causing security issues are "workers" that intentionally or unintentionally impact the robot network. Moreover, as advised above, most industrial networks present physical interconnections (note the physical word in here, regardless of the segmentation which might be vulnerable).

    Summarizing:
    - Currently, your only way to use (e.g.) a UR3 safe from a networking security perspective is by simply NOT connecting it to anything. Nothing. Note moreover that this only applies to "networking security"; from a "systems security" perspective, the robot is still fully vulnerable. See https://github.com/aliasrobotics/RVD/issues/1443 for an exemplary vulnerability.
    - I encourage everyone to consider hardening these robots and applying security patches. We offer such a solution at https://aliasrobotics.com/ris.php.





