The robo cyber security firm from Vitoria-Gasteiz (Spain) is once again leading an investigation involving international experts on the importance of security in the Robot Operating System (ROS) and the DDS communications middlware
The participants in the study have discovered more than a dozen of dangerous vulnerabilities present in more than 650 devices online today, very common in the Industrial field, the University, and even in Hospitals and Military Agencies
Alias Robotics' research has been cited and published by the United States Cybersecurity Infrastructure and Security Agency, which reflects the importance of the conclusions set forth.
To mitigate these vulnerabilities, Alias Robotics has contributed to SROS2, a series of developer tools to detect insecurities in ROS 2 and DDS
VITORIA, Spain, March 30, 2022 /PRNewswire/ -- A team of researchers led by the Spanish firm Alias Robotics - specialized in robotic cybersecurity - together with cybersecurity experts from several multinationals and cybersecurity professionals from various governments, have discovered about fifteen dangerous vulnerabilities, some critical, in the Robot Operating System (ROS) and the DDS communications protocols that affect industrial systems and robots that, if used by cybercriminals, could have "devastating consequences. In turn, they have detected that these vulnerabilities are present in almost 650 different devices exposed on the Internet and used not only in industry, but also in healthcare or in the military field.
(PRNewsfoto/Alias Robotics)
Robotics and IT security professionals from the firm Alias Robotics in Spain have collaborated in recent months with security experts from around the world in the detection of security vulnerabilities in the Robot Operating System (ROS) and in the software communications middleware DDS ("Data Distribution Service"), present in many systems (autonomous cars, industrial robotic arms, aerospace systems, military equipment, critical infrastructure, ), as well as in industrial robots.
In particular, the vulnerabilities affect DDS, an 'intermediate software' (called middleware) that is the main communication bus between different robotic devices, that is, the core of ROS 2 (Robot Operating System ), which is used by the majority of robotics engineers for all types of present or future industrial robots, with applications in the business world, in the industrial field, but also in the world of health, as is the case of surgical robots. As per Victor Vilches studies suggests that the use of ROS will grow significantly over the next few years and that by 2024, 55% of commercialized robots will use ROS.
Story continues
From Alias Robotics -specialized in robot cyber security- it is considered that "DDS is a middleware still largely insecure communications technology , used in areas where security is very important, so investment in cybersecurity is needed immediately". They also consider that the response times of the DDS manufacturers are too long, "which greatly exposes these systems to cyber-attacks," according to Vctor Mayoral-Vilches, a leading robot cybersecurity researcher from Alias Robotics and founder of the startup.
In his opinion, " cybercriminals could today use these vulnerabilities to paralyze robots and critical infrastructures all over the world leveraging DDS". The company from Vitoria warns that it is necessary for robotics and automation companies to invest in cybersecurity and cooperate "with qualified groups in robot cybersecurity".
Summary of results
The results of this research derive from the collaboration of several researchers including Vctor Mayoral-Vilches (Alias Robotics), Federico Maggi, Mars Cheng, Patrick Kuo , Chizuru Toyama, Rainer Vosseler, and Ta-Lun Yen (Trend Micro and TxOne) and Erik Boasson (ADLINK Labs).
Its impact in robotics has been led by Alias Robotics and a good part of these vulnerabilities "have not been patched or mitigated by the manufacturers serving robotics companies today".
The team of researchers has come to detect up to 13 security vulnerabilities (some classified as "critical" by cybersecurity experts), which could affect both workers and users who handle industrial robots that include this DDS software. Based on the security-immaturity of DDS, the appearance of new vulnerabilities affecting DDS in the coming months is not ruled out.
One of the conclusions is that these vulnerabilities are present in almost 650 different devices used in across areas of application around the world. From Alias Robotics they have detected devices affected by these vulnerabilities in organizations such as NASA, but also in global data centers (Huawei Cloud Service), large industrial multinationals (Siemens), as well as hospitals, banks and universities in 34 countries, affecting 100 organizations through 89 Internet Service Providers (ISPs).
Key vulnerability findings
These detected vulnerabilities could lead to the loss of control of the robotic device, its complete loss of security, the denial of services through brute force, the possibility of facilitating access to the device through the exploitation of remote services, problems in the supply chain or the fact that attackers abuse the security protocols themselves to create an efficient command and control channel.
The authors of the study, have found that many of these security vulnerabilities - some even with the source code (proprietary) exposed to the public - have been open "for a long time, even years, so today cybercriminals could use them to paralyze critical infrastructure around the world" , according to Vctor Mayoral-Vilches.
In his opinion, "many still robotic device manufacturers prioritize their business development and continue to ignore cybersecurity." Mayoral-Vilches emphasizes that many of the manufacturers refuse to solve the problems "because if they did they would not comply with the DDS standard/specification". This is a problem of magnitude" - emphasizes the founder of Alias Robotics - "since the revision of the DDS standard may take years to be properly revised".
The report, which has been recently cited and published by the United States Agency for Security and Cybersecurity Infrastructure, was presented during 2021 in various forums including 'Black Hat 2021' from Las Vegas, the world's largest annual cybersecurity forum - but also at the ROS-Industrial Conference 2021 and more recently at a session organized by the European Commission on safety, security and performance. His research will continue to be presented throughout 2022 at new conferences and industry forums.
Tools to identify ROS 2 and DDS vulnerabilities
In order to mitigate the threats found and train robotics engineers in security matters, the Alias Robotics team has led a second research effort that has contributed and released a series of extensions to tools under an open source license that allow detecting these vulnerabilities in ROS 2 and DDS.
The results of this effort have been summarized in the article "SROS2: Usable Cyber Security Tools for ROS 2" which has been sent to the International Conference on Robots and Systems (IROS 2022).
Aliases Robotics was founded in 2018 by Vctor Mayoral-Vilches and has become an international leader in cybersecurity solutions for robots. His team is the creator of the first Immune Robot System (RIS), an intelligent antivirus that protects bots from cybercriminals from the inside out. RIS is incorporated into robots to protect them as it evolves and adapts like the human immune system.
Alias Robotics is made up of renowned robotics engineers, scientists and security researchers with more than 10 years of experience. Its clients include large automation companies, government institutions and users of industrial robots http://www.aliasrobotics.com
Communication inquiries:
Vctor Mayoral-Vilches
Phone : 616 151561
e-mail: victor@aliasrobotics.com
Vitoria, lava, Spain
Cision
View original content to download multimedia:https://www.prnewswire.com/news-releases/alias-robotics-discovers-numerous-and-dangerous-vulnerabilities-in-the-robot-operating-systems-ros-communications-that-can-have-devastating-consequences-301513741.html
SOURCE Alias Robotics
Read the original here:
- Brief: NVIDIA's venture arm invests in autonomous weeding startup Carbon Robotics - AgFunderNews - May 11th, 2024 [May 11th, 2024]
- 7 Robotics Stocks to Bet On for Reliable AI-Powered Returns - InvestorPlace - May 11th, 2024 [May 11th, 2024]
- NSF and USDA join forces to boost innovation in agricultural robotics - Future Farming - May 11th, 2024 [May 11th, 2024]
- Meet The Swiss Start-Up Taking On The Tech Giants In Robotics And AI - Forbes - May 11th, 2024 [May 11th, 2024]
- LimX Dynamics' W1 robot can stand, walk and roll on its hind 'legs' - Interesting Engineering - May 11th, 2024 [May 11th, 2024]
- Lear Corporation's acquisition showcases the industry's use of robotics and AI for efficiency and innovation - CBT Automotive News - May 11th, 2024 [May 11th, 2024]
- OMRON and NEURA Robotics Partner to Unveil New Cognitive Robot at Automate 2024 - Automation.com - May 11th, 2024 [May 11th, 2024]
- Community briefs: Ravenswood robotics at world championship, Bike to the Library Day - The Almanac Online - May 11th, 2024 [May 11th, 2024]
- JCHS Robotics shimes at VEX World Competition | Community News - The Tomahawk - May 11th, 2024 [May 11th, 2024]
- Carbon Robotics to Help Revolutionize Farming with AI, Using Investment from NVentures - Business Wire - May 11th, 2024 [May 11th, 2024]
- Nvidia's DrEureka outperforms humans in training robotics systems - VentureBeat - May 11th, 2024 [May 11th, 2024]
- Humanoid Robots: The Next-Generation Robotic Workforce - Tech Briefs - May 11th, 2024 [May 11th, 2024]
- PHOTOS Motiva helping fund Port Arthur ISD robotics and engineering - Port Arthur News - The Port Arthur News - May 11th, 2024 [May 11th, 2024]
- Kiwanis Club of Miami helps fund McMillan MS robotics team trip - Miami's Community Newspapers - May 11th, 2024 [May 11th, 2024]
- The Interplay Between Robotics and Artificial Intelligence in Manufacturing | RoboticsTomorrow - Robotics Tomorrow - May 11th, 2024 [May 11th, 2024]
- Doosan Robotics releases its longest reach cobots with PRIME SERIES - Robot Report - May 11th, 2024 [May 11th, 2024]
- KION North America and Fox Robotics Announce Non-Exclusive Strategic Partnership - Automation.com - May 11th, 2024 [May 11th, 2024]
- Ag tech startup Carbon Robotics lands Nvidia investment - The Business Journals - May 11th, 2024 [May 11th, 2024]
- Mars Robotics offers chance to drive Mars rover on Saturday - Butler Eagle - May 11th, 2024 [May 11th, 2024]
- Comparative analysis of robot-assisted language learning systems and human tutors in English conversation lessons - EurekAlert - May 11th, 2024 [May 11th, 2024]
- Valencia College to more than double students training in semiconductors, robotics and optics - The Business Journals - May 11th, 2024 [May 11th, 2024]
- DeepMind is experimenting with a nearly indestructible robot hand - New Scientist - May 11th, 2024 [May 11th, 2024]
- Five Things to Consider Before Adopting Robotics for Warehouse Automation - Automation.com - May 11th, 2024 [May 11th, 2024]
- Nvidia and Alphabet's Intrinsic aim to revolutionize next-gen robotics - VentureBeat - May 11th, 2024 [May 11th, 2024]
- NVIDIA and Alphabet's Intrinsic Put Next-Gen Robotics Within Grasp - Automation.com - May 11th, 2024 [May 11th, 2024]
- STEM robotics team celebrates 10 years and remembers hero who saved lives - Denver 7 Colorado News - May 11th, 2024 [May 11th, 2024]
- Zero-shot learning helps Intrinsic pave the future for robotics - FierceElectronics - May 11th, 2024 [May 11th, 2024]
- EN robotics team demonstrates real-world learning | News Sun | kpcnews.com - KPCnews.com - May 11th, 2024 [May 11th, 2024]
- Future Innovators Challenged to Design Nuclear Fission and Fusion Decommissioning Robots - Automation.com - May 11th, 2024 [May 11th, 2024]
- Meet Pepper and Bernard: The robots shaping AI research at SDSU - Daily Aztec - May 11th, 2024 [May 11th, 2024]
- Gene Haas Foundation Partner Hosts FIRST Robotics District Competitions - Kettering University - May 5th, 2024 [May 5th, 2024]
- NASA Showcases Innovations at the 2024 FIRST Robotics World Championships - NASA - May 5th, 2024 [May 5th, 2024]
- Robots are invading the San Carlos Branch Library - San Diego Community Newspaper Group - May 5th, 2024 [May 5th, 2024]
- Wyoming-Based Company Makes High-Tech Robots To Go Where Humans Don't Want To - Cowboy State Daily - May 5th, 2024 [May 5th, 2024]
- Anzu Robotics launches U.S.-based clone of DJI Mavic 3 - Robot Report - May 5th, 2024 [May 5th, 2024]
- Carnegie Mellon University's Robotics Institute begins developing drones to fight wildfires - CBS Pittsburgh - May 5th, 2024 [May 5th, 2024]
- 3 Robotics Stocks That Could Be Multibaggers in the Making: Spring Edition - MSN - May 5th, 2024 [May 5th, 2024]
- Hopkinton teams advance to Robotics World Championships - Hopkinton Independent - May 5th, 2024 [May 5th, 2024]
- "Big Cat Robotics" team from Wellsville returns from VRC World Championship - THE WELLSVILLE SUN - THE WELLSVILLE SUN - May 5th, 2024 [May 5th, 2024]
- PropStream-Sponsored Robotics Team Places in Competition - RisMedia.com - May 5th, 2024 [May 5th, 2024]
- Bellefontaine Robotics Team Travels to World Championship Peak of Ohio - peakofohio.com - May 5th, 2024 [May 5th, 2024]
- ASL Aviation Holdings Inks Deal with Reliable Robotics for 30 Aircraft Autonomy Systems - Business Wire - May 5th, 2024 [May 5th, 2024]
- Global Nano Robotics Market Projected to Surge to US$ 19.86 Billion by 2032: Healthcare Trends Catalyzing Nano ... - GlobeNewswire - May 5th, 2024 [May 5th, 2024]
- 'Afghan Dreamers' | Film about Afghan girls robotics team to be screened on May 15 - Piedmont Exedra - May 5th, 2024 [May 5th, 2024]
- 3 Robotics Stocks That Could Be Multibaggers in the Making: Spring Edition - InvestorPlace - May 5th, 2024 [May 5th, 2024]
- The Rise of the Navy Robots - Signal Magazine - May 5th, 2024 [May 5th, 2024]
- Elon Musk Keeps Talking About the Future of Robotics With Optimus, but This Phenomenal Growth Stock Has Already ... - The Motley Fool - May 5th, 2024 [May 5th, 2024]
- Robosen Robotics Teams Up with Hasbro to Debut the Worlds First Auto-Converting Decepticon Megatron! - aNb Media - May 5th, 2024 [May 5th, 2024]
- John P. Stevens Robotics Team Wins Excellence in Technology at Innovators Awards - TAPinto.net - May 5th, 2024 [May 5th, 2024]
- Nala Robotics and Re-Up partner to develop AI-powered robotic chef - Robotics and Automation News - May 5th, 2024 [May 5th, 2024]
- LCSD1 to Host Final Robotics Competition of the School Year Tomorrow - The Cheyenne Post - May 5th, 2024 [May 5th, 2024]
- GMV showcases its robotic inspection capabilities Robotics & Automation News - Robotics and Automation News - May 5th, 2024 [May 5th, 2024]
- Trine's armored robot finishes 4th in national combat - Trine University - May 5th, 2024 [May 5th, 2024]
- Female robotics founders discuss their journeys in the industry - Robot Report - May 5th, 2024 [May 5th, 2024]
- Hanwha Robotics, B-Robotics join hands on restaurant automation project - Aju Press - May 5th, 2024 [May 5th, 2024]
- Dishchii'bikoh Community School Robotics Team Heads to VEX World Championship - White Mountain Independent - May 5th, 2024 [May 5th, 2024]
- ETH unveils space-hopping robot for asteroid exploration - Robotics and Automation News - May 5th, 2024 [May 5th, 2024]
- Nickelytics and Starship release robots at UCLA and Utah universities - Robotics and Automation News - May 1st, 2024 [May 1st, 2024]
- Next-Level Robotics: Enhancing Accuracy with Advanced Multisensory Interfaces - AZoRobotics - May 1st, 2024 [May 1st, 2024]
- Death of Lake Orion teen on robotics trip determined to be suicide, Houston police say - Detroit News - May 1st, 2024 [May 1st, 2024]
- Niqo Robotics Raises $9 Million In Funding Round Led By Brida Innovation Ventures: Report - Outlook India - May 1st, 2024 [May 1st, 2024]
- Mission to 'Holy Grail of Shipwrecks' Will Employ Robotics - USNI News - May 1st, 2024 [May 1st, 2024]
- Kiwibot acquires Auto Mobility Solutions Robotics & Automation News - Robotics and Automation News - May 1st, 2024 [May 1st, 2024]
- Untethered soft actuators for soft standalone robotics - Nature.com - May 1st, 2024 [May 1st, 2024]
- Robotics in the restaurant industry are here to stay: Carlos Gazitua - Fox Business - May 1st, 2024 [May 1st, 2024]
- It's time for UK business to embrace robotics - Design Products & Applications - May 1st, 2024 [May 1st, 2024]
- Meet the `One Percenters' - The Top Ranked Robotics Group from Franklin - Franklin Observer - May 1st, 2024 [May 1st, 2024]
- Atlas, forefather of humanoid robots, gives way to next generation - Marketplace - May 1st, 2024 [May 1st, 2024]
- BlueBotics releases new version of its server fleet management software - Robotics and Automation News - May 1st, 2024 [May 1st, 2024]
- U.S. manufacturers invested heavily in robotics in 2023, finds IFR - Robot Report - May 1st, 2024 [May 1st, 2024]
- This is a unique time: ARK Invests chief futurist tackles tech innovation from AI to robotics - CNBC - May 1st, 2024 [May 1st, 2024]
- U.S. Companies Invest Heavily in Robots - IFR Preliminary Results EMSNow - EMSNow - May 1st, 2024 [May 1st, 2024]
- MiR launches new autonomous mobile forklift-type robot - Robotics and Automation News - May 1st, 2024 [May 1st, 2024]
- Rutland Area Robotics' IBOTS compete in FIRST World Championships finals for first time - Rutland Herald - May 1st, 2024 [May 1st, 2024]
- Micropsi Industries introduces new AI-vision software Robotics & Automation News - Robotics and Automation News - May 1st, 2024 [May 1st, 2024]
- Robots on a Roll: The Future of Farming Is Here Now - Growing Produce - May 1st, 2024 [May 1st, 2024]
- Grand Force, Grand Forks' only FIRST Robotics team, returns from world championship with good memories - Grand Forks Herald - May 1st, 2024 [May 1st, 2024]
- Reston Robotics Team Wins National Competition At Tech Conference - Patch - May 1st, 2024 [May 1st, 2024]
- CapSen Robotics Introduces CapSen PiC 2.0 Bin-Picking Software - Supply and Demand Chain Executive - May 1st, 2024 [May 1st, 2024]
- Gecko Robotics and Al Masaood Energy Partner to Help ADNOC Gas Revolutionize Asset Operations and ... - Business Wire - May 1st, 2024 [May 1st, 2024]