Researchers find factory robots can be easily hacked

As the world's factories shift to automation, a series of tests finds some troubling flaws.

Alfred Ng
Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
2 min read
Enlarge Image

By 2018, there could be 1.3 million robots in factories globally. That's 1.3 million machines at risk of being hacked.

From baristas to pizza chefs, automation is quickly taking over the economy, expected to kill off 6 percent of all US jobs by 2021. Factories that make your phones, cars and planes already depend primarily on machines to automatically put together devices.

Humans can't keep up with a robot's pace, strength and durability, but at least they've got machines beat on cybersecurity.

A series of tests conducted by Politecnico di Milano and cybersecurity firm Trend Micro found that factory robots have weak network security. Some systems used simple usernames and passwords that couldn't be changed, while others didn't even need a password. The firm looked at robots from ABB, Fanuc, Mitsubishi, Kawasaki and Yaskawa.

The industrial machines also have poor software protection, and some run on outdated software, according to the firm's research paper. The team found tens of thousands of robots using IP addresses that are public, which increases the risk of hackers getting easy access.

Operators and programmers can manage their machines remotely, sending commands to robots through their computers or phones. If the connection is insecure, hackers could hijack the machines, leading to sabotage and product defects.

The researchers tested a robot from ABB, which was programmed to draw a straight line. By reverse-engineering the RobotWare control program and the RobotStudio software, the researchers hacked the machine's network and switched it to draw a line that 2 millimeters off. You can watch it here:

Machines are programmed to be extremely precise in their movements, because the slightest miscalculation can cause catastrophic defects (Read: Samsung Galaxy Note 7).

ABB has since fixed the flaws in its machine's software, but Trend Micro's findings raise concerns more generally for automation in the future. The firm recommends companies set up industrial robot cybersecurity standards before automation takes over every factory.

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.

Batteries Not Included: The CNET team reminds us why tech is cool.