Industrial robot ransomware: Akerbeltz

V. Vilches, Lander Usategui San Juan, Unai Ayucar Carbajo, Rubén Campo, Xabier Sáez de Cámara, Oxel Urzelai, Nuria García, E. Gil-Uriarte
Published in: 2020 Fourth IEEE International Conference on Robotic Computing (IRC)
DOI: 10.1109/IRC.2020.00080 (https://doi.org/10.1109/IRC.2020.00080)
Publication date: 2019-12-16
Citations: 11

Abstract

Cybersecurity lessons have not been learnt from the dawn of other technological industries. In robotics, the existing insecurity landscape needs to be addressed immediately. Several manufacturers profiting from the lack of general awareness are systematically ignoring their responsibilities by claiming their insecure (open) systems facilitate system integration, disregarding the safety, privacy and ethical consequences that their (lack of) actions have. In an attempt to raise awareness and illustrate the “insecurity by design in robotics” we have created Akerbeltz, the first known instance of industrial robot ransomware. Our malware is demonstrated using a leading brand for industrial collaborative robots, Universal Robots. We describe the rationale behind our target and discuss the general flow of the attack including the initial cyber-intrusion, lateral movement and later control phase. We urge security researchers to adopt some sort of disclosure policy that forces manufacturers to react promptly. We advocate against security by obscurity and encourage the release of similar actions once vulnerability reports fall into a dead-end. Actions are now to be taken to abide a future free of zero-days for robotics.