The robo cyber security firm from Vitoria-Gasteiz (Spain) is once again leading an investigation involving international experts on the importance of security in the Robot Operating System (ROS) and the DDS communications middlware
The participants in the study have discovered more than a dozen of dangerous vulnerabilities present in more than 650 devices online today, very common in the Industrial field, the University, and even in Hospitals and Military Agencies
Alias Robotics' research has been cited and published by the United States Cybersecurity Infrastructure and Security Agency, which reflects the importance of the conclusions set forth.
To mitigate these vulnerabilities, Alias Robotics has contributed to SROS2, a series of developer tools to detect insecurities in ROS 2 and DDS
VITORIA, Spain, March 30, 2022 /PRNewswire/ -- A team of researchers led by the Spanish firm Alias Robotics - specialized in robotic cybersecurity - together with cybersecurity experts from several multinationals and cybersecurity professionals from various governments, have discovered about fifteen dangerous vulnerabilities, some critical, in the Robot Operating System (ROS) and the DDS communications protocols that affect industrial systems and robots that, if used by cybercriminals, could have "devastating consequences. In turn, they have detected that these vulnerabilities are present in almost 650 different devices exposed on the Internet and used not only in industry, but also in healthcare or in the military field.
(PRNewsfoto/Alias Robotics)
Robotics and IT security professionals from the firm Alias Robotics in Spain have collaborated in recent months with security experts from around the world in the detection of security vulnerabilities in the Robot Operating System (ROS) and in the software communications middleware DDS ("Data Distribution Service"), present in many systems (autonomous cars, industrial robotic arms, aerospace systems, military equipment, critical infrastructure, ), as well as in industrial robots.
In particular, the vulnerabilities affect DDS, an 'intermediate software' (called middleware) that is the main communication bus between different robotic devices, that is, the core of ROS 2 (Robot Operating System ), which is used by the majority of robotics engineers for all types of present or future industrial robots, with applications in the business world, in the industrial field, but also in the world of health, as is the case of surgical robots. As per Victor Vilches studies suggests that the use of ROS will grow significantly over the next few years and that by 2024, 55% of commercialized robots will use ROS.
Story continues
From Alias Robotics -specialized in robot cyber security- it is considered that "DDS is a middleware still largely insecure communications technology , used in areas where security is very important, so investment in cybersecurity is needed immediately". They also consider that the response times of the DDS manufacturers are too long, "which greatly exposes these systems to cyber-attacks," according to Vctor Mayoral-Vilches, a leading robot cybersecurity researcher from Alias Robotics and founder of the startup.
In his opinion, " cybercriminals could today use these vulnerabilities to paralyze robots and critical infrastructures all over the world leveraging DDS". The company from Vitoria warns that it is necessary for robotics and automation companies to invest in cybersecurity and cooperate "with qualified groups in robot cybersecurity".
Summary of results
The results of this research derive from the collaboration of several researchers including Vctor Mayoral-Vilches (Alias Robotics), Federico Maggi, Mars Cheng, Patrick Kuo , Chizuru Toyama, Rainer Vosseler, and Ta-Lun Yen (Trend Micro and TxOne) and Erik Boasson (ADLINK Labs).
Its impact in robotics has been led by Alias Robotics and a good part of these vulnerabilities "have not been patched or mitigated by the manufacturers serving robotics companies today".
The team of researchers has come to detect up to 13 security vulnerabilities (some classified as "critical" by cybersecurity experts), which could affect both workers and users who handle industrial robots that include this DDS software. Based on the security-immaturity of DDS, the appearance of new vulnerabilities affecting DDS in the coming months is not ruled out.
One of the conclusions is that these vulnerabilities are present in almost 650 different devices used in across areas of application around the world. From Alias Robotics they have detected devices affected by these vulnerabilities in organizations such as NASA, but also in global data centers (Huawei Cloud Service), large industrial multinationals (Siemens), as well as hospitals, banks and universities in 34 countries, affecting 100 organizations through 89 Internet Service Providers (ISPs).
Key vulnerability findings
These detected vulnerabilities could lead to the loss of control of the robotic device, its complete loss of security, the denial of services through brute force, the possibility of facilitating access to the device through the exploitation of remote services, problems in the supply chain or the fact that attackers abuse the security protocols themselves to create an efficient command and control channel.
The authors of the study, have found that many of these security vulnerabilities - some even with the source code (proprietary) exposed to the public - have been open "for a long time, even years, so today cybercriminals could use them to paralyze critical infrastructure around the world" , according to Vctor Mayoral-Vilches.
In his opinion, "many still robotic device manufacturers prioritize their business development and continue to ignore cybersecurity." Mayoral-Vilches emphasizes that many of the manufacturers refuse to solve the problems "because if they did they would not comply with the DDS standard/specification". This is a problem of magnitude" - emphasizes the founder of Alias Robotics - "since the revision of the DDS standard may take years to be properly revised".
The report, which has been recently cited and published by the United States Agency for Security and Cybersecurity Infrastructure, was presented during 2021 in various forums including 'Black Hat 2021' from Las Vegas, the world's largest annual cybersecurity forum - but also at the ROS-Industrial Conference 2021 and more recently at a session organized by the European Commission on safety, security and performance. His research will continue to be presented throughout 2022 at new conferences and industry forums.
Tools to identify ROS 2 and DDS vulnerabilities
In order to mitigate the threats found and train robotics engineers in security matters, the Alias Robotics team has led a second research effort that has contributed and released a series of extensions to tools under an open source license that allow detecting these vulnerabilities in ROS 2 and DDS.
The results of this effort have been summarized in the article "SROS2: Usable Cyber Security Tools for ROS 2" which has been sent to the International Conference on Robots and Systems (IROS 2022).
Aliases Robotics was founded in 2018 by Vctor Mayoral-Vilches and has become an international leader in cybersecurity solutions for robots. His team is the creator of the first Immune Robot System (RIS), an intelligent antivirus that protects bots from cybercriminals from the inside out. RIS is incorporated into robots to protect them as it evolves and adapts like the human immune system.
Alias Robotics is made up of renowned robotics engineers, scientists and security researchers with more than 10 years of experience. Its clients include large automation companies, government institutions and users of industrial robots http://www.aliasrobotics.com
Communication inquiries:
Vctor Mayoral-Vilches
Phone : 616 151561
e-mail: victor@aliasrobotics.com
Vitoria, lava, Spain
Cision
View original content to download multimedia:https://www.prnewswire.com/news-releases/alias-robotics-discovers-numerous-and-dangerous-vulnerabilities-in-the-robot-operating-systems-ros-communications-that-can-have-devastating-consequences-301513741.html
SOURCE Alias Robotics
Read the original here:
- Nickelytics and Starship release robots at UCLA and Utah universities - Robotics and Automation News - May 1st, 2024 [May 1st, 2024]
- Next-Level Robotics: Enhancing Accuracy with Advanced Multisensory Interfaces - AZoRobotics - May 1st, 2024 [May 1st, 2024]
- Death of Lake Orion teen on robotics trip determined to be suicide, Houston police say - Detroit News - May 1st, 2024 [May 1st, 2024]
- Niqo Robotics Raises $9 Million In Funding Round Led By Brida Innovation Ventures: Report - Outlook India - May 1st, 2024 [May 1st, 2024]
- Mission to 'Holy Grail of Shipwrecks' Will Employ Robotics - USNI News - May 1st, 2024 [May 1st, 2024]
- Kiwibot acquires Auto Mobility Solutions Robotics & Automation News - Robotics and Automation News - May 1st, 2024 [May 1st, 2024]
- Untethered soft actuators for soft standalone robotics - Nature.com - May 1st, 2024 [May 1st, 2024]
- Robotics in the restaurant industry are here to stay: Carlos Gazitua - Fox Business - May 1st, 2024 [May 1st, 2024]
- It's time for UK business to embrace robotics - Design Products & Applications - May 1st, 2024 [May 1st, 2024]
- Meet the `One Percenters' - The Top Ranked Robotics Group from Franklin - Franklin Observer - May 1st, 2024 [May 1st, 2024]
- Atlas, forefather of humanoid robots, gives way to next generation - Marketplace - May 1st, 2024 [May 1st, 2024]
- BlueBotics releases new version of its server fleet management software - Robotics and Automation News - May 1st, 2024 [May 1st, 2024]
- U.S. manufacturers invested heavily in robotics in 2023, finds IFR - Robot Report - May 1st, 2024 [May 1st, 2024]
- This is a unique time: ARK Invests chief futurist tackles tech innovation from AI to robotics - CNBC - May 1st, 2024 [May 1st, 2024]
- U.S. Companies Invest Heavily in Robots - IFR Preliminary Results EMSNow - EMSNow - May 1st, 2024 [May 1st, 2024]
- MiR launches new autonomous mobile forklift-type robot - Robotics and Automation News - May 1st, 2024 [May 1st, 2024]
- Rutland Area Robotics' IBOTS compete in FIRST World Championships finals for first time - Rutland Herald - May 1st, 2024 [May 1st, 2024]
- Micropsi Industries introduces new AI-vision software Robotics & Automation News - Robotics and Automation News - May 1st, 2024 [May 1st, 2024]
- Robots on a Roll: The Future of Farming Is Here Now - Growing Produce - May 1st, 2024 [May 1st, 2024]
- Grand Force, Grand Forks' only FIRST Robotics team, returns from world championship with good memories - Grand Forks Herald - May 1st, 2024 [May 1st, 2024]
- Reston Robotics Team Wins National Competition At Tech Conference - Patch - May 1st, 2024 [May 1st, 2024]
- CapSen Robotics Introduces CapSen PiC 2.0 Bin-Picking Software - Supply and Demand Chain Executive - May 1st, 2024 [May 1st, 2024]
- Gecko Robotics and Al Masaood Energy Partner to Help ADNOC Gas Revolutionize Asset Operations and ... - Business Wire - May 1st, 2024 [May 1st, 2024]
- Vention Launches New Cloud-Robotic and AI Capabilities to Accelerate the Design and Deployment of Robot Cells - InvestorsObserver - May 1st, 2024 [May 1st, 2024]
- Inside Wilsonville High School's robotics team - KGW.com - May 1st, 2024 [May 1st, 2024]
- Talking AUTOMATE 2024 with TM Robotics | RoboticsTomorrow - Robotics Tomorrow - May 1st, 2024 [May 1st, 2024]
- Advancing obstetric and gynecologic surgery through robotic innovation - Contemporary Obgyn - May 1st, 2024 [May 1st, 2024]
- On the Horizon: A Robot to Assist ALS Patients | RoboticsTomorrow - Robotics Tomorrow - May 1st, 2024 [May 1st, 2024]
- Robots can use air to move objects - Earth.com - May 1st, 2024 [May 1st, 2024]
- Plymouth Robotics Team 586E takes 6th place VEX Robotics World Championship in Dallas, TX - WTCA - May 1st, 2024 [May 1st, 2024]
- These flying origami-inspired robots change shape in mid-air - Engadget - September 29th, 2023 [September 29th, 2023]
- Industrial Robotics Market Size To Reach USD 94.8 Billion By 2032 ... - GlobeNewswire - September 29th, 2023 [September 29th, 2023]
- ForwardX Robotics and DHL Collaborate To support Expansion - PR Newswire - September 29th, 2023 [September 29th, 2023]
- Dexterity AI and FedEx Unveil First-of-its-Kind Robotics Trailer ... - Robotics Tomorrow - September 29th, 2023 [September 29th, 2023]
- Newton High Schools Team Aperture attends super bowl of robotics - New Jersey Education Association - September 29th, 2023 [September 29th, 2023]
- Exoskeleton Report eMagazine: The Latest in Wearable Robotics ... - Exoskeleton Report - September 29th, 2023 [September 29th, 2023]
- 12.5m for robotics and automation to boost sustainable farming - GOV.UK - September 29th, 2023 [September 29th, 2023]
- Robotics As A Service (RaaS) Market size to increase by USD 1.50 ... - PR Newswire - September 29th, 2023 [September 29th, 2023]
- Learn how to create socially intelligent robots at RoboBusiness - Robot Report - September 29th, 2023 [September 29th, 2023]
- Monument Health Welcomes Two New Robotics-Trained General ... - Newscenter1.tv - September 29th, 2023 [September 29th, 2023]
- 3D-Printed Robotic Gripper Works Without Electronics - Design News - September 29th, 2023 [September 29th, 2023]
- WVU Today | WVU researcher to help send swarm of marine robots ... - WVU Today - September 29th, 2023 [September 29th, 2023]
- Using robotics & AI to reduce water - Times of India - September 29th, 2023 [September 29th, 2023]
- We need a new social contract for the coming golden age of robotics - Big Think - July 2nd, 2023 [July 2nd, 2023]
- The Intersection of Autonomous Robotics and Solar Panel Cleaning ... - EnergyPortal.eu - July 2nd, 2023 [July 2nd, 2023]
- RoboCat: Google DeepMind's innovative leap into AI-powered ... - The Jerusalem Post - July 2nd, 2023 [July 2nd, 2023]
- Seen at HIMSS: the latest innovations in artificial intelligence, mixed ... - Kevin MD - July 2nd, 2023 [July 2nd, 2023]
- KEENON Robotics Empowers Future of Hotel Experiences as ... - PR Newswire - July 2nd, 2023 [July 2nd, 2023]
- Brief Overview of Investing in Robotics in 2023 - Analytics Insight - July 2nd, 2023 [July 2nd, 2023]
- Greek post office makes further commitment to Robotics parcel ... - Post and Parcel - July 2nd, 2023 [July 2nd, 2023]
- Robotic glove that 'feels' lends a 'hand' to relearn playing piano after ... - Science Daily - July 2nd, 2023 [July 2nd, 2023]
- 'Bionic professor' aims to transform the field of wearable robotics - University of Toronto - July 2nd, 2023 [July 2nd, 2023]
- The Advantages of Adopting Robotics for Energy Infrastructure ... - EnergyPortal.eu - July 2nd, 2023 [July 2nd, 2023]
- Upskill with course in robotics, IS handler told terrorists: NIA - Times of India - July 2nd, 2023 [July 2nd, 2023]
- Saving the World's Coral Reefs with AI and Robotics - TriplePundit - July 2nd, 2023 [July 2nd, 2023]
- How To Learn Robotics and Coding - StartupGuys.net - July 2nd, 2023 [July 2nd, 2023]
- Transformative Impact of Robotics in the Healthcare Industry - Analytics Insight - June 4th, 2023 [June 4th, 2023]
- Implementing robotics could improve workplace safety, report says - HR Dive - June 4th, 2023 [June 4th, 2023]
- Rise of the machines: What will drive adoption of robotics and ... - AgFunderNews - June 4th, 2023 [June 4th, 2023]
- Robotics investments top $1.63B in April 2023 - Robot Report - June 4th, 2023 [June 4th, 2023]
- We are pleased to announce our 3rd Reddit Robotics Showcase! - Robohub - June 4th, 2023 [June 4th, 2023]
- Jersey City's Oishii partners with robotics company to bring ... - ROI-NJ.com - June 4th, 2023 [June 4th, 2023]
- New Dog, New Tricks: Reflections on Construction, Robotics, and ... - Archinect - June 4th, 2023 [June 4th, 2023]
- Underwater robots for operations in challenging and dangerous ... - Inceptive Mind - June 4th, 2023 [June 4th, 2023]
- NVIDIA Brings Advanced Autonomy to Mobile Robots With Isaac AMR - Nvidia - June 4th, 2023 [June 4th, 2023]
- Robotic assisted surgery now available at Northeast Regional ... - Kirksville Daily Express and Daily News - June 4th, 2023 [June 4th, 2023]
- Robotic hand offers innovative nuclear solution : Waste & Recycling - World Nuclear News - June 2nd, 2023 [June 2nd, 2023]
- Hy-Tek Intralogistics and Hai Robotics Announce Partnership ... - Robotics Tomorrow - June 2nd, 2023 [June 2nd, 2023]
- UNA dubbed new home to BEST Robotics Competition - WHNT News 19 - June 2nd, 2023 [June 2nd, 2023]
- Serve Robotics to deploy up to 2000 delivery bots on Uber Eats - Supply Chain Dive - June 2nd, 2023 [June 2nd, 2023]
- Amazon executive joins Medtronic to spearhead development in ... - Vascular News - June 2nd, 2023 [June 2nd, 2023]
- Armach Robotics' To Showcase Their Novel Hull Cleaning Solution ... - Marine Insight - June 2nd, 2023 [June 2nd, 2023]
- AMP Robotics breaks in Colorado headquarters as it eyes future ... - Waste Dive - June 2nd, 2023 [June 2nd, 2023]
- West Linn robotics team 2B Determined learns to lead and change ... - West Linn Tidings - June 2nd, 2023 [June 2nd, 2023]
- No Longer a 'Titan' in Surgical Robotics - Medical Device and Diagnostics Industry - June 2nd, 2023 [June 2nd, 2023]
- PERRONE ROBOTICS UNVEILS GROUNDBREAKING FUSION OF ... - PR Newswire - June 2nd, 2023 [June 2nd, 2023]
- uWare robotics map what lies beneath the ocean with its ... - Tech.eu - June 2nd, 2023 [June 2nd, 2023]
- Secretary of State's opening speech at Robotics and Automation ... - GOV.UK - June 2nd, 2023 [June 2nd, 2023]
- Mukilteo Robotics team Modulo reflects on their World ... - Lynnwood Times - June 2nd, 2023 [June 2nd, 2023]
- ROBO A Buy Amid Robotics Optimism And Ongoing Re-Shoring ... - Seeking Alpha - June 2nd, 2023 [June 2nd, 2023]