Cyber Security

Everything is online these days creating the perfect storm for cyber shenanigans. Sadly, even industrial robotic equipment is easily compromised because of our ever increasingly connected world. A new report by Trend Micro shows a set of attacks on robot arms and other industrial automation hardware.

This may not seem like a big deal but image a scenario where an attacker intentionally builds invisible defects into thousands of cars without the manufacturer even knowing. Just about everything in a car these days is built using robotic arms. The Chassis could be built too weak, the engine could be built with weaknesses that will fail far before the expected lifespan. Even your brake disks could have manufacturing defects introduced by a computer hacker causing them to shatter under heavy braking. The Forward-looking Threat Research (FTR) team decided to check the feasibility of such attacks and what they found was shocking. Tests were performed in a laboratory with a real in work robot. They managed to come up with five different attack methods.

Attack 1: Altering the Controller’s Parameters
The attacker alters the control system so the robot moves unexpectedly or inaccurately, at the attacker’s will.

Concrete Effects: Defective or modified products
Requirements Violated: Safety, Integrity, Accuracy

Attack 2: Tampering with Calibration Parameters
The attacker changes the calibration to make the robot move unexpectedly or inaccurately, at the attacker’s will.

Concrete Effects: Damage to the robot
Requirements Violated: Safety, Integrity, Accuracy

Why are these robots even connected? As automated factories become more complex it becomes a much larger task to maintain all of the systems. The industry is moving toward more connectivity to monitor the performance of all machines on the factory floor, tracking their service lifetime and alerting when preventive maintenance is necessary. This sounds great for its intended use, but as with all connected devices there are vulnerabilities introduced because of this connectivity. This becomes especially concerning when you consider the reality that often equipment that goes into service simply doesn’t get crucial security updates for any number of reasons (ignorance, constant use, etc.).

For the rest of the attack vectors and more detailed info you should refer to the report (PDF) which is quite an interesting read. The video below also shows insight into how these type of attacks might affect the manufacturing process.

Continue reading “Industrial Robots, Hacking And Sabotage” →

Cyber security is on everyone’s minds these days. Embedded devices like cameras have been used by bad guys to launch attacks on the Internet. People worry about data leaking from voice command devices or home automation systems. And this goes for the roll-your-own systems we build and deploy.

Many network-aware systems use Linux somewhere — one big example is pretty much every Raspberry Pi based project. How much do you think about security when you deploy a Pi? There is a superior security system available for Linux (including most versions you’d use on the Pi) called SELinux. The added letters on the front are for “Security-Enhanced” and this project was originally started by the NSA and RedHat. RedHat actually has — no kidding — a coloring book that helps explain some of the basic concepts.

We aren’t so sure the coloring book format is really the right approach here, but it is a light and informative read (we didn’t stay in the lines very well, though). Our one complaint is that it doesn’t really show you anything in practice, it just explains the ideas behind the different kind of protections available in SELinux. If you want to actually set it up on Pi, there’s a page on the Pi site that will help. If you have an hour, you can get a good overview of using SELinux in the video below.

Continue reading “Better Linux Through Coloring” →