Open-source scanning tool can find vulnerable robots
The tool dubbed aztarna (“footprint” in Basque language) allows security researchers to audit robots connected to the web, locating and identifying robots and their components, not only in the open internet, but also upon industrial environments where robots operate.
As a demonstration, the company says a first scan using aztarna revealed close to 9000 insecure industrial routers potentially hosting more connected vulnerable robots. In a study titled “aztarna, a footprinting tool for robots“, researchers from Alias Robotics detailed that 1586 of those insecure routers were in Europe, with France and Spain leading the ranking of misconfigured devices at 63% and 54% respectively. North American countries such as the US and Canada also showed a large proportion of misconfigured industrial routers.
Most popular industrial routers from Ewon, Moxa, Westermo and Sierra Wireless manufacturers were scanned as they represent the majority of industrial routers nowadays. 26801 routers were found, out of which 8958 (a stunning 33%) were tagged as insecure. Results showed that most countries follow a similar balance between correctly configured and misconfigured devices, Colombia being the most insecure country with 26 connected devices of which 100% were using default credentials.
Regarding European countries with a larger number of connected routers, France stands out in the proportion of misconfigured devices, reported to display a total of 416 devices, 261 of them (63%) exposing default credentials, according to the study. Spain follows with 54% of the studied industrial routers being configured with default credentials. North American countries showed the highest amount of industrial routers detected, with poor security settings in 36% in the US and 41% in Canadian routers.
The Alias Robotics team performed two different scans through the whole internet address space searching for open ROS Master in the 11311 port. Then, aztarna was used to verify that the hosts actually corresponded to machines running ROS. A striking amount of 106 ROS Systems were detected, most of them in the US (52) and Korea (16). Some of the ROS instances found corresponded to empty systems or simulations, but a considerable proportion of real robots were identified. Including an array of research oriented machines, but also a series of robots in industrial environments.
As potential targets for cyberattacks, robots “need to be secured as soon as possible” alert the authors, adding that so far manufacturers are not responding, although end users are becoming aware of the problem.
Last summer, the University of Brown published a research on robot visibility on the internet. Scanning the internet, they found over 100 ROS-running internet-connected robots that were potential targets for cybercrime and mischief. This massive security issue got big international echo. Six months later, researchers from the robot cybersecurity startup Alias Robotics found no changes: hundreds of robots are still openly connected to the internet and potentially hackable.
Moreover, Alias Robotics’ offensive team has extended the scan to other robots not running ROS. “Our aim was to improve, systematize and extend the results of previous studies. We target not only robots powered by the Robot Operating System (ROS), but also other setups (SROS, ROS 2.0) and technologies. Beyond robotics frameworks, our work also targets other robots that do not necessarily employ these popular middlewares”, says David Mayoral, CEO of Alias Robotics.
All these detected industrial targets are configured with default credentials and totally unprotected, reveals the study. As the University of Brown research team did, Alias Robotics’ authors have notified the owners of the bots whenever they came across a vulnerable robot. But they have also gone a step further: They have opened up the code.
“We argue against the security by obscurity approach and instead, advocate for robot security powered by continuous assessments, including quality assurance practices in software. Of course, by no means we encourage unauthorized tampering of running robotic systems. Instead we value the importance to empower security researchers and aim to raise security-awareness among roboticists, by releasing this robot security auditing tool”, explains Mayoral.
The study published on the preprint server arXiv sections discloses and describes how the work can be reproduced, and how aztarna allows for future extensions thanks to its modular architecture. The authors argue that the release of these tools is a natural consequence of the general lack of concern among robot manufacturers towards security and cybersecurity.
“It’s not only that they are very slow patching their flaws when we warn them. Many just don’t care and say: We know our robots have a set of reported vulnerabilities, but we leave security up to the end user”.
The researchers from Alias Robotics invite for contributions to extend aztarna’s auditing capacities. The startup is actively recruiting and also organizes robot bug bounty programs and open robot vulnerability disclosure programs.
Alias Robotics S.L. – www.aliasrobotics.com