aztarna is an open source instrument developed by Alias Robotics, ready to be used by security researchers interested in robot footprinting. It allows to find robots powered by ROS, SROS and other robot technologies.

  • In a first scan, close to 9000 insecure industrial routers have been reported potentially hosting more connected vulnerable robots. The study showed 1586 of them in Europe, with France and Spain leading the ranking of misconfigured devices
  • As potential targets for cyberattacks, robots “need to be secured as soon as possible” alert the authors. So far manufacturers are not responding, they claim, but end users are becoming aware of the problem

Last summer, the University of Brown published a research on robot visibility on the internet. They scanned the internet and found over 100 ROS-running internet-connected robots that were potential targets for cybercrime and mischief. This massive security issue got big international echo. Six months later, researchers from the robot cybersecurity startup Alias Robotics found no changes: hundreds of robots are still openly connected to the internet and potentially hackable.

Moreover, Alias Robotics’ offensive team has extended the scan to other robots not running ROS, and developed a tool that allows security researchers to audit robots in the internet. This open source instrument, called aztarna (“footprint” in Basque language), allows to locate and identify robots and robot components, not only in the open internet, but also upon industrial environments where robots operate.
The authors of the piece of research have detected almost 9000 insecure industrial routers worldwide that potentially host more connected hackable robots all around the world. 1586 of them were placed in Europe. and the most insecure routers of the European Union are located in France and Spain, with 63% and 54% respectively. North American countries such as US and Canada also showed a large proportion them. All these detected industrial targets are configured with default credentials and totally unprotected.

“Our aim was to improve, systematize and extend the results of previous studies. We target not only robots powered by the Robot Operating System (ROS), but also other setups (SROS, ROS 2.0) and technologies . Beyond robotics frameworks, our work also targets other robots that do not necessarily employ these popular middlewares”, says David Mayoral, CEO of Alias Robotics.

As the University of Brown research team did, Alias Robotics’ authors have notified the owners of the bots whenever they came across a vulnerable robot. But the have also gone a step further: They have opened up the code.

“We argue against the security by obscurity approach and instead, advocate for robot security powered by continuous assessments, including quality assurance practices in software. Of course, by no means we encourage unauthorized tampering of running robotic systems. Instead we value the importance to empower security researchers and aim to raise security-awareness among roboticists, by releasing this robot security auditing tool”

aztarna is ready to be used by security researchers interested in robot footprinting. Throughout the article published on the preprint server arXiv sections, they’ve disclosed and described how their work can be reproduced, and how it allows for future extensions thanks to its modular architecture.

Authors argue that the release of these tools is a natural consequence of the general lack of concern among robot manufacturers towards security and cybersecurity.

“It’s not only that they are very slow patching their flaws when we warn them. Many just don’t care and say: We know our robots have a set of reported vulnerabilities, but we leave security up to the end user”.

Researchers from Alias Robotics invite for contributions to extend aztarna’s auditing capacities.

Hacking into 1 out of 3 industrial routers in the world is effortless

While hunting for robots, researchers at Alias Robotics stumbled upon a frightening reality. As part of the search of industrial robots, a single internet wide scan was launched targeting industrial end-points, the routers. This scan has revealed a vast amount of connected devices, many of them using default, weak credentials, or having no authentication mechanisms at all. Most popular industrial routers from Ewon, Moxa, Westermo and Sierra Wireless manufacturers were scanned as they represent the majority of industrial routers nowadays. 26801 routers were found, out of which 8958 (a stunning 33%) were tagged as insecure.

Results showed that most countries follow a similar balance between correctly configured and misconfigured devices, being Colombia, with 26 connected devices of which 100% were  using default credentials, the most insecure country. Regarding European  countries with a larger number of connected routers, France stands out in the proportion of misconfigured devices, reported to display a total of 416 devices, 261 of them (63%) exposing default credentials. Spain follows with 54% of the studied industrial routers being configured with default credentials. North American countries showed the highest amount of industrial routers detected, with poor security settings in  36% in the US and 41% in Canadian routers.

106 ROS systems detected by aztarna tool in a few hours

Alias Robotics team has performed two different scans through the whole internet address space searching for open ROS Master in the 11311 port. Then, aztarna was used to verify that the found hosts actually correspond to machines running ROS.
A striking amount of 106 ROS Systems were detected, most of them in the US (52) and Korea (16).

Some the ROS instances found corresponded to empty systems or simulations, but a considerable proportion of real robots were identified. Including an array of research oriented machines, but also a series of robots in industrial environments.

Example of snapshot by camera of an industrial trash-classification robot found with aztarna