When robots are hacked, the results can be devastating and deadly

The headlines are always on, security breaches are happening all the time, and cybersecurity is a concern for most businesses. If robots are not protected against security breaches, the results of hacking can be devastating…even fatal.
　　

From baristas to pizza chefs, automation is rapidly taking over the economy and could take away 6% of American jobs by 2021. Factories that make phones, cars, and airplanes are already highly dependent on automated assembly equipment. Any security breach could damage a company's reputation and profits.
　　

The Collection #1 data breach earlier this year was dubbed the world’s largest dump of hacked password data, with approximately 6.5 billion user accounts compromised on 340 websites. However, this massive attack was just the latest in a never-ending series of cyberattacks. Alongside parking tickets, politics, and public transportation, hackers have become another common annoyance of modern life.
　　

While hacking is common, security breaches can still have a huge impact. We’re familiar with many of these issues… but what if someone hacked a robot?
　　

Cybersecurity company Trend Micro has found that the cybersecurity mechanisms of some well-known factory robots are also very weak. Some use very simple usernames and passwords that cannot be changed, and some do not even have passwords. A few years ago, a security company called IOActive also emphasized how hackers can use the software of some collaborative robots to do something, and the IP addresses used by tens of thousands of robots are public, which obviously increases the risk of being hacked.

Factory operators and programmers manage robots through remote connection technology, sending instructions to robots through computers or mobile phones. If the connection cannot be guaranteed to be secure at this time, hackers will be able to hijack the robots so that they can change their operations at will, causing defects or damage to the products.
　　

Why do hackers want to hack robots?
We often think of cyberattacks as data theft - hackers obtain passwords and personal data to steal money from people or sell them on the black market. However, there are many more reasons why hackers break into computer systems. Some hackers do it to disrupt services, some to make political points, some to leak private information, and some just for the simple sake of trying.
　　

Here are five reasons why a hacker might want access to a bot:
　　

1. Robots are currently in an emerging field, and hackers can easily change or destroy production results. Hackers can make slight changes to robot programming, which may damage the integrity of the product and make it almost impossible to track.
　　

2. Use a ransomware scheme - Like many computer attacks, hackers can take charge of a robot and block access to it, demanding payment to release it and stop them from causing further damage.
　　

3. Cause physical damage - A damaged robot may cause harm to people and/or equipment, which may cause huge losses to the company and its reputation.
　　

4. Production line interference - Hackers could change the productivity of a robot, causing bottlenecks and/or damaging product on the entire production line.
　　

5. Sensitive data leakage-Any stored data related to industry secrets can be extracted from the robot controller.
　　

What’s the risk?
All security breaches can harm a company’s reputation and profits. However, the fact that robots are physical machines adds an extra reason for concern. They have the potential to cause real physical harm and injury. Since robots are designed to solve human problems, the consequences of a cyberattack could endanger people’s lives, not just the company’s future.
　　

An attack on an industrial robot – whether collaborative or otherwise – could impact 3 key factors:
　　

1. Safety - Cobots are designed to operate safely around humans. Any malicious changes to their safety features could compromise this core functionality.
　　

2. Integrity - Due to the compromised integrity, the robot will no longer be fit for purpose.
　　

3. Accuracy - Small malicious changes in the robot's accuracy may compromise the integrity of the product, while large changes may damage the robot itself.
　　

One of the most worrisome risks is that the safety, integrity and accuracy of a robot could be altered in an almost imperceptible way. A robot could operate in a compromised state for a long time before anyone noticed.
　　

5 ways hackers can attack robots
A few years ago, cybersecurity company Trend Micro discovered five cyber attacks that hackers could use on industrial robots. They also identified the specific impact such hacks could have on the robot, the operator and/or the product.
　　

It’s worth noting that all of these attacks require the hacker to have access to the robot controller, and protecting the controller is one of the main keys to keeping robots secure.
　　

Here are the five attacks they found and their impact:
1. Changing controller parameters Hackers can make subtle changes to the robot's control parameters. This can subtly change the robot's path in a way that is almost undetectable but changes the integrity of the product. Impact: Product is defective or improved
　　

2. Tampering with calibration parameters A hacker may change the calibration parameters of the robot, causing it to move unexpectedly or deviate from its intended path. Impact: Damage to the robot and/or harm to humans.
　　

3. Tampering with production logic Hackers may change the robot program in a small and almost imperceptible way, thereby introducing defects into the product and interfering with the production line. Impact: The product is defective or improved.
　　

4. Changing the robot state A hacker can change the state of a robot to an unsafe state. As IOActive demonstrated in 2017, it is possible for hackers to override the safety limits of a collaborative robot in a way that is almost undetectable to the user. Impact: Harm to humans.
　　

5. Change the robot state perceived by the user A hacker can make the robot appear to be in one state when it is actually in another state so that people around it do not know what state it is actually in. For example, the controller can show that the robot is turned off when it is really running without setting safety limits Impact: harm to humans.
　　

How can you stay safe?
Hackers can present a lot of information about cybersecurity threats in a very alarming way, it's almost like the writers are trying to "scare you into action". However, the purpose of this article is not to scare you into action. Instead, it is designed to open your eyes to some questions you may not have had before, and with this information, you can better understand how to protect your robot from cyberattacks. And one of the best ways to stay safe from hackers is to educate yourself about possible hacks that may occur, so you are prepared!
　　

At the same time, as the intelligence of industrial robots continues to improve, relevant manufacturers should also do a good job in information security protection to prevent hacker intrusion and control risks at the source; on the other hand, for industrial robots in use, manufacturers should regularly check whether there are any faults, and mass-produced products should do a good job of quality inspection. From another perspective, robots are machines after all, and machines will always fail after long-term use, so giving industrial robots "regular physical examinations" is a task that manufacturing manufacturers cannot ignore.