A team at a robot cybersecurity startup has released a free, open-source tool for information security professionals to help them easily ‘footprint’ and detect unprotected robots, not only connected to the Internet, but also to the industrial environments where they operate.
Dubbed “Aztarna,” the framework has been developed by Alias Robotics, a Spanish cybersecurity firm focused on robots and is capable of detecting vulnerable industrial routers and robots powered by ROS (Robot Operating System), SROS (Secure ROS) and other robot technologies.
Written in Python 3, Aztarna is basically a port scanning tool with a built-in database of fingerprints for industrial routers (including Westermo, Moxa, Sierra Wireless, and eWON), and robotic technologies and components, as well as patterns that power the tool to test those devices against various known vulnerabilities and security misconfigurations.
Researchers at Alias Robotics told The Hacker News that Aztarna has been designed to work in different work modes based upon different penetration testing scenarios. It can scan a list of given IP addresses, a network IP range, results from Shodan search engine and even the whole Internet in conjunction with other scanning tools like ZMap or masscan.
“Motivated by the lack of dedicated tooling for security research in the field of robotics, we have developed aztarna, a tool aimed to help in the detection and scan of robots and robot technologies (including software components) on a network,” the researchers said.
Using a quick scan with Aztarna, researchers detected almost 106 open ROS systems and 9,000 insecure industrial routers worldwide, a potential entry point for attackers to target vulnerable robots connected to the network, that can be accessed remotely using default credentials or even without requiring any authorization.
“Some the ROS instances found corresponded to empty systems or simulations, but a considerable proportion of real robots were identified. Including an array of research-oriented machines, but also a series of robots in industrial environments,” the researchers said.
Most of the identified vulnerable routers (around 1,586) were found located in European countries, with France and Spain leading the ranking of misconfigured routers.
Most popular industrial routers from Ewon, Moxa, Westermo and Sierra Wireless manufacturers were scanned as they represent the majority of industrial routers nowadays. 26801 routers were found, out of which 8958 (a stunning 33%) were tagged as insecure.
Results showed that most countries follow a similar balance between correctly configured and misconfigured devices, Colombia being the most insecure country with 26 connected devices of which 100% were using default credentials..
Regarding European countries with a larger number of connected routers, France stands out in the proportion of misconfigured devices, reported to display a total of 416 devices, 261 of them (63%) exposing default credentials, according to the study. Spain follows with 54% of the studied industrial routers being configured with default credentials.
North American countries showed the highest amount of industrial routers detected, with poor security settings in 36% in the US and 41% in Canadian routers.
The Alias Robotics team performed two different scans through the whole internet address space searching for open ROS Master in the 11311 port.
Then, aztarna was used to verify that the hosts actually corresponded to machines running ROS.
A striking amount of 106 ROS Systems were detected, most of them in the US (52) and Korea (16).
Some of the ROS instances found corresponded to empty systems or simulations, but a considerable proportion of real robots were identified. Including an array of research oriented machines, but also a series of robots in industrial environments.
As potential targets for cyberattacks, robots “need to be secured as soon as possible” alert the authors, adding that so far manufacturers are not responding, although end users are becoming aware of the problem.
Last summer, the University of Brown published a research on robot visibility on the internet. Scanning the internet, they found over 100 ROS-running internet-connected robots that were potential targets for cybercrime and mischief.
This massive security issue got big international echo.
Six months later, researchers from the robot cybersecurity startup Alias Robotics found no changes: hundreds of robots are still openly connected to the internet and potentially hackable.
Moreover, Alias Robotics’ offensive team has extended the scan to other robots not running ROS.
“Our aim was to improve, systematize and extend the results of previous studies.
We target not only robots powered by the Robot Operating System (ROS), but also other setups (SROS, ROS 2.0) and technologies. Beyond robotics frameworks, our work also targets other robots that do not necessarily employ these popular middlewares”, says David Mayoral, CEO of Alias Robotics.
The highest amount of industrial routers were detected in North American countries with poor security settings in the 36 percent of the connected routers located in the United States and 41 percent in Canada.
According to the researchers, the open-source framework can easily be extended to receive more fingerprints and patterns with future releases and to support new software or hardware robot components, allowing researchers to determine the specific firmware version in robots and discover “third-party libraries used and their versions, e.g. robot middle-ware version, communication infrastructure, etc.”
Alias Robotics notified the owners of the bots about the vulnerable robots, but argued that the release of Aztarna is “a natural consequence of the general lack of concern among robot manufacturers towards security and cybersecurity.”
“It’s not only that they are very slow patching their flaws when we warn them. Many just don’t care and say: We know our robots have a set of reported vulnerabilities, but we leave security up to the end user,” the researchers wrote.
Alias Robotics researchers have also released a research paper [PDF] detailing Aztarna, how it can be reproduced and how it allows for future extensions.
You can head on to the paper to know more about the open source footprinting tool for robots.
The researchers from Alias Robotics invite for contributions to extend aztarna’s auditing capacities.
The startup is actively recruiting and also organizes robot bug bounty programs and open robot vulnerability disclosure programs.
Alias Robotics S.L. – www.aliasrobotics.com