The Fontys research group High Tech Embedded Software has analyzed several industrial SME environments and found multiple cybersecurity vulnerabilities. One of the case studies concerns an AGV. Second-year ICT & Cybersecurity students have shown how lacking authentication and encryption allow them to take over navigation control.
With the digital transformation towards Smart Industry, cybersecurity becomes much more important in industrial environments. Many threats and attacks are imaginable. Think of malware, ransomware, targeted attacks by cybercriminals or state-sponsored hackers, script kiddies exposing system vulnerabilities or denial-of-service attacks.
Logistical robots are increasingly applied in industrial settings. Second-year Fontys ICT & Cybersecurity students have, under the supervision of a teacher, set up and performed a security vulnerability analysis on an automated guided vehicle (AGV). They uncovered several serious problems.
Vulnerabilities
An AGV is a logistical robot that’s controlled by so-called fleet manager software. This fleet manager sends transport orders to the robot, ie the coordinates for a mission. The AGV can navigate with the help of maps stored in its memory. It has safety systems such as contact bumpers and lidar to prevent it from running into obstacles or humans on the way.
One of the students’ findings was that the communication between the fleet manager software and the AGV was unencrypted and without any authentication mechanism. This allows for man-in-the-middle attacks and injection of coordinates. As a result, the robot could be sent to arbitrary locations.
After some guessing, the students found the control messages to be composed of an X and Y coordinate and a rotation, stored as hexadecimally formatted 64-bit double values. Using simple scripts, the AGV could be fully controlled in an automated way. With this, the logistical process in a Smart Industry setting could be compromised, or the AGV could be stolen. Other attacks were also possible, such as adapting or removing map information or adding missions to the vehicle consisting of several destinations that are stored and then executed independently.
There was authentication to access the fleet manager software, but this was sent over the network in plain text. An attacker listening in on the network could capture the password and get into the fleet manager software, enabling him to control the settings and management of the whole AGV fleet.
The operating system and configuration of the AGV system also suffered from security weaknesses. Access to the system was allowed through SSH, Telnet and FTP. However, the last two communication protocols are both insecure because of lacking encryption and authentication. Using password attacks, the students could obtain Telnet and FTP access. With FTP access, the stored maps could be compromised, allowing attackers to give the AGV a false understanding of its environment.
There were also unused services running on the system, such as a web server with a couple of web pages. This web functionality wasn’t listed in the system documentation and didn’t seem to serve any purpose. Unneeded system services increase the attack surface and the risk of exploitable software vulnerabilities.
All found vulnerabilities were communicated to the developer of the AGV, who has taken action to improve security. The wireless router on the mobile robot has been configured to block unneeded ports and guidelines have been added to the user manual, including advice on the use of strong passwords and network segregation. This doesn’t fix the unencrypted communication itself but does lower the probability that an attacker can get access to the network and the AGV. The software and component suppliers were also contacted with the request to improve communication and system security.
Security improvement
The growing use of robots in industrial and logistical settings causes new cybersecurity-related requirements and challenges. Smart Industry developments, in general, impose more and more requirements on internet connectivity and data protection. Industry is used to work with formal safety management to prevent physical damage, environmental damage and human injury, but if security cannot be guaranteed, safety can also be compromised. Therefore, standard IT security principles, security processes and security controls must be applied in these operational technology (OT) environments, from authentication and strong password policies to firewall protection and secure remote management.
It is noted that available options and solutions to security threats are different in OT and IT environments. In OT, real-time performance is important, maintenance windows are often small and scarce, and software updates and update processes are much more uncommon. With these limitations, security relies more on additional security controls such as network segregation with strict firewall filtering between IT and OT networks. Security monitoring and intrusion detection will also help to protect, even without interfering with real-time performance, but starting this from scratch takes time and effort.
Key components of security improvement are security awareness in all organization layers, regular penetration testing, risk analysis, incident registration and a plan-do-check-act security management cycle. This security analysis also shows that it’s a combined responsibility of component suppliers, system integrators and the operational organization using the AGVs. Security vulnerabilities were found, but with this input, actions were also taken to improve security.