Hacking Factory Robot Arms for Sabotage, Fun & Profit

Black Hat talk will discuss how hackers could take over robotic arms, create micro-defects in products, and open up a new world of subtle blackmail.

Security researchers have been accumulating a trove of breakthrough discoveries on Industrial Internet of Things (IIoT) vulnerabilities and releasing them at the Black Hat Briefings over the last few years - which has certainly helped raise awareness of dangerous flaws in critical infrastructure like power grids and gas pipeline control systems. But theres a lot more to IIoT security than hardening the industrial world against power disruptions.
Next month at Black Hat USA in Las Vegas, a group of researchers will help broaden enterprise security horizons by showing a new use case of how attackers can bridge the cyber world with the physical world by creatively targeting IIoT systems. This time they shifted gears and focused on the factory floor.
In the talk,
Breaking the Laws of Robotics: Attacking Industrial Robots
, a group of researchers from the Politecnico di Milano in Italy stress-tested the cyber and physical security of computer-controlled robotic arms used worldwide in factories throughout a range of manufacturing scenarios.
The idea was to move beyond the question of whether or not an IIoT device like a robotic arm could be hacked, and instead start looking at scenarios of what could be done with these devices once theyre hacked, says Stefano Zanero, one of the researchers. Zanero is associate professor at Politecnico di Milano, as well as a Black Hat review board member.
We looked at not just the how we can break into that specific arm, because that’s not important, but what are the specific things that an attacker that has broken into a computer in a robotic arm can do that is unique [to] the robotic arm and not another computer, he says.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada, July 22-27, 2017. Click for information on the
conference schedule
and
to register.
The findings transcend the FUD of Cyber 9/11 warnings of yesteryear and will dig into some very realistic scenarios of the kinds of subtle problems attackers could stir up with some simple hacks of IIoT factory systems.
For instance, you can modify some parameters that are not commonly touched by developers, and by doing so, you can introduce microdefects in the production of the robot, he says. So, you can sabotage a production line without that being apparent in any way.
While this kind of sneaky attack could be used to carry out some truly dastardly attacks worthy of a mustache-twirling super-villain - think of supply chains being sabotaged for micro-precision manufacturing to create something like airplane parts - more realistically, it would be used for subtler but still nasty targeted attacks.
You can have somebody introduce a defect into production and then blackmail you, saying, Okay, so in the last month, your production had a critical defect into it. Youre not going to find it out, but you should pay me and well tell you what it is, he says. Its not the classic Dr. Doom scenario where you meet the evil supervillain in order to make it happen, but it’s a very, very basic money-oriented scenario that can happen tomorrow.
Related Content:
8 Hot Hacking Tools to Come Out of Black Hat USA
Look, But Dont Touch: One Key to Better ICS Security
Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices
WannaCry Forces Honda to Take Production Plant Offline

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Hacking Factory Robot Arms for Sabotage, Fun & Profit