Robot Teardown, Stripping Industrial Robots for Good

Víctor Mayoral-Vilches  (1*) - [ https://orcid.org/0000-0001-8308-3363 ]
Alfonso Glera-Picón  (2)
Unai Ayucar-Carbajo  (3)
Stefan Rass  (4) - [ https://orcid.org/0000-0003-2821-2489 ]
Martin Pinzger  (5) - [ https://orcid.org/0000-0002-5536-3859 ]
Federico Maggi  (6) - [ https://orcid.org/0000-0003-1073-8036 ]
Endika Gil-Uriarte  (7)

(1) Alias Robotics, Spain and University of Klagenfurt, Austria
(2) Alias Robotics, Spain
(3) Alias Robotics, Spain
(4) University of Klagenfurt, Austria
(5) University of Klagenfurt, Austria
(6) Trend Micro Inc., Italy
(7) Alias Robotics, Spain
(*) Corresponding Author

Abstract

Building a robot requires a careful selection of components that interact across networks while meeting timing deadlines. Given this complexity, as robots get damaged or have their security compromised, their components will increasingly require updates and replacements. Contrary to expectations, and much like Ford with cars in the 1920s, most robot manufacturers oppose this. They employ planned obsolescence practices, organizing dealers and system integrators into "private networks" and providing repair parts only to "certified" companies to discourage repairs and evade competition.
In this article, we introduce and advocate for robot teardown as an approach to study robot hardware architectures and fuel security research. We show how teardown can help in understanding the underlying hardware and demonstrate how our approach can help researchers uncover security vulnerabilities. Our case studies show how robot teardown becomes an essential practice for security in robotics, helping us identify and report a total of 100 security flaws with 17 new CVE IDs over a period of two years. Lastly, we demonstrate how, through teardown, planned obsolescence hardware limitations can be identified and bypassed, obtaining full control of the hardware, which poses both a threat to the robot manufacturers' business model and a security threat.

Keywords

Teardown; Robotics; Security; Repair; Safety; Red-teaming
