Alias Robotics' Defensive and Offensive robot security talk - ROS Industrial Conference Europe 2019

A Global Impact

Alias Robotics is raising the standard of what it means to be secure and their mission is going global. Last week, Víctor Mayoral and Endika Gil Uriarte, CSO, represented Alias Robotics at the 2019 ROS-Industrial Europe Conference, held at the Fraunhofer IPA institute in Stuttgart, Germany. Their presentation, which took place on December 11th, demonstrated the importance of "Defensive and Offensive Robot Security", to the audience.

Offensive robot security

"Security is a process, not a product"

Víctor Mayoral talks offensive robot security

Víctor Mayoral, a veteran in the ROS community, opened the discussion by explaining that there are many misconceptions around security. That security is not only confused with safety, but is often seen as a one-time-fix. In reality, Victor explains that "security is making sure a robot is not affected by its environment and is a process that must be constantly assessed." Alias Robotics' solutions do just that.

security is making sure a robot is not affected by its environment and is a process that must be constantly assessed

Alias Robotics is a robot cybersecurity company that works closely with manufacturers and end users to make sure that their technologies are used securly. Víctor, head of Alias' Offensive Team, assess security by going into the mind of an attacker. In doing this, he explains that he and his team are able to identify new, exploitable vulnerabilities, and proactively react so they can be rapidly patched, thus eliminating dangerous 0-Days in robotics.

0-Days

Anyone who heard Víctor's part the presentation would have walked away wondering how manufactures and end users are going to combat 0-Days, but what exactly is a 0-Day? How do they apply to robotics?

As Víctor explained, "a 0-Day started as a "Bug" that turned into a weakness. This weakness could be exploited, which made it a vulnerability. A vulnerability that hasn't yet been patched or mitigated is known as a 0-Day." So surprisingly, or not, many companies have chosen to ignore 0-Days to avoid financial and ethical responsibility. Alias' motto is to "remove 0-Days from robotics" and we are doing so by increasing security standards in the industry.

alurity

alurity "toolbox for robot security"

At the ROS-Industrial Conference 2019, Alias Robotics announced its newest product, alurity a toolbox for robot security. alurity contains various modules and "each module abstracts an element that's relevant for a robotics application, thus greatly accelerating the process of security in robotics." The tools in this "security toolbox" are able to conduct and analyze robotic components, forensics, exploitation, testing, and reconnaissance.

SROS2 leaks node information
alurity demo showing how SROS2 leaks node information at the time of writing

The audience at the conference got to not only see alurity's grand reveal but also its technology in action. During the presentation, Víctor and Endika showed alurity used to create PoC industrial robot ransomware (created at Alias Robotics) and how to deploy it in UR3 Robot (Universal Robots). The development of the ransomware took the team only 2 weeks to create, which heavily emphasised how vulnerable vendors such as Universal Robots are to malicious attacks and why a call to action is needed now. Luckily, for these companies, Alias Robotics created alurity so security can be tested before others have the chance to interfere.

Defensive robot security

Endika Gil Uriarte talks robot defensive security

Alias Robotics' CSO, Endika Gil took the stage for the second half of the discussion. His opening message was a call for hope "Do not panic, we are here to help". Endika, an advocate for the next generation of secure robots, took the honor of quickly re-introducing BlackBox the robot forensics product, which became available to the market earlier this year, but this product wasn't the focus of his presentation. Endika excitedly announced, "some of you may know us from our forensic and traceability product, the Black Box, but it is my pleasure to introduce you to our newest product RIS." The Robot Immune System is a security monitoring device for robotics.

The Robot Immune System (RIS) is a security monitoring device for robotics.

Enthusiasm filled the room as Endika spoke of his team's newest robot defensive security product, RIS, that will be available in Q1 of 2020.

RIS

RIS-Robot Immune System

Alongside Alias Robotics' Offensive product release of alurity at the ROS-Industrial Conference 2019, they also released their newest Defensive product, RIS.

RIS stands for Robot Immune System. This security monitoring device perfectly integrates with a robot's system without interfering with its functionality or performance, as was shown in a live video-demo by Endika using a UR Robot (Universal Robots).
Screen-Shot-2019-12-13-at-3.03.03-AM

Using RIS, an operator is able to see the live status of the robot, have full visibility of the threat landscape, and receive alerts when a threat is detected. In the video, RIS not only hardened and mitigated known vulnerabilities in the Universal Robot but was able to alert the operator when someone was trying to exploit the vulnerabilities or performing risky actions.

Screen-Shot-2019-12-13-at-3.03.14-AM

RIS is a game changer in robot security. Endika emphasized that the concept of RIS was tested on a UR Robot, but its value expands far beyond. Alias mentioned that they are currently in conversation with many other vendors who want to heighten their security using RIS.

Call for Action

Alias Robotics is hitting robot cybersecurity from every angle to ensure that the market has both Offensive and Defensive security solutions, however, Endika states that solutions can only go so far. In the robot security survey conducted by Alias Robotics, 73% of respondents said that they were open to invest in security but only 26% have actually done so. There is still a gap between what must be done and what companies are actually doing. Some companies are starting to take responsibility for the next generation of secure robots but more need to step-up.

Together, Víctor and Endika ended their discussion at the ROS-Industrial Conference 2019, with a warm invitation asking companies to "provide feedback, share their concerns, and remember that Alias Robotics is here to listen. Security is a process and one that we must do together."