Could hackers force industrial cobots to go rogue?
Could hackers force industrial cobots to go rogue?

Could hackers force industrial cobots to go rogue?

Recent work by researchers at IOActive has revealed worrying vulnerabilities in today’s commercially available collaborative robots.   

One of the biggest arguments in favour of collaborative robots, or ‘cobots’, is that they pose way fewer dangers to their human co-workers than traditional industrial robots, as well as being smaller, less costly and highly adaptable to different tasks.

But recent work conducted by researchers at IOActive, a cybersecurity and penetration testing specialise, suggests otherwise. In fact, its authors say, cobots available on the market today are riddled with security vulnerabilities that might be exploited by hackers to cause physical harm to workers.

This builds on previous work conducted earlier this year by the two researchers, Cesar Cerrudo and Lucas Apa, in which they identified almost 50 vulnerabilities in industrial collaborative robots, from companies such as Rethink Robotics and Universal Robots. Since then, they’ve published a blog post that provides more details on how machines might be tampered with remotely, altering safety configurations that prevent them colliding with human co-workers, for example.

Read more: IIoT and the rise of the cobots

Safety first?

These safety configurations are typically used to control such aspects of a cobot’s function as its speed, clamping force, tool orientation (to prevent sharp edges of tools being pointed towards a human operator) and its workspace (so it can move only within a predefined area). As the two researchers have demonstrated, it didn’t take them long to make changes to these settings.

But could these cobots really harm a person? Yes, say the IOactive researchers, pointing to a study by the Control and Robotics Laboratory at the Ecole de Technologie Superieure (ETC) in Montreal, Canada, which showed that even a relatively small UR5 model from Universal Robots is powerful enough to seriously harm a person. “While running at slow speeds, their force is more than sufficient to cause a skull fracture,” the blog post reports.

Read more: Tennplasco recruits collaborative robot to fill human labor gap

Patchy response

In accordance with IOActive’s responsible disclosure policy, the researchers contacted cobot vendors with their findings, “so they have had ample time to address the vulnerabilities and inform their customers.” But the response has been patchy, to say the least: only in the case of Rethink Robotics were major problems quickly patched. Other cobot makers have yet to respond.

“Our goal is to make cobots more secure and prevent vulnerabilities from being exploited by attackers to cause serious harm to industries, employees and their surroundings,” Apa writes. “I truly hope this blog entry moves the collaborative industry forward so we can safely enjoy this and future generations of robots.”