The Spanish robotics firm Alias Robotics, specialized in robot cybersecurity, is announcing dozens of security flaws detected by their researchers in the robots of Universal Robots, one of lead manufacturers of collaborative robots in the world.
Given the lack of concern on security that this particular manufacturer has shown, Alias Robotics’ goal is to empower end-users, distributors and system integrators of Universal Robots with the information they require to make use of this technology securely. The firm is also offering services to advise users of these systems on security aspects.
Víctor Mayoral Vilches, CTO at Alias Robotics: “Universal Robots is ignoring cyber security on its products. Back in 2019, Alias Robotics reported to Universal Robots that we had found a significant amount of vulnerabilities in their UR3, UR5 and UR10 robots, across different versions of their firmware, which were of relevant severity and required immediate attention”,
After repeatedly informing Universal Robots about the detected flaws, Alias Robotics explored other paths. The robot cybersecurity firm filed for several CVE IDs with selected vulnerabilities so that MITRE and other CNAs could help steer the conversations, with no response whatsoever. Then, in December 2019, Alias Robotics publicly presented the findings in the ROS-Industrial robotics conference. Within the venue and with the aim to raise awareness, Akerbeltz was introduced, the first instance of ransomware in an industrial robot, specifically applied to Universal Robots cobots. Conversely, members of the Danish company, in an attempt to mitigate the reputation impact, discredited Alias’ work and indicated that they were not aware of any issues that affected safety (source).
Now, in an open source initiative called the Week of Universal Robots bugs, Alias Robotics is since Monday 31st of March filling and triaging security bugs for Universal Robots and exposing the results in the Robot Vulnerability Database. Alias Robotics is encouraging other security researchers and roboticists to participate sending their vulnerability findings.
Universal Robots is one of the lead vendors of collaborative robots –aimed to work side by side with humans– and their standpoint regarding security is that it is up to the user. According to the Danish company, their openness (and insecurity) simplifies system integration, which, from Alias Robotics’ perspective might have helped them in the past to scale their business, but is a position that holds no more where thousands of robots are being deployed.
- Week of Universal Robots bugs announcement https://news.aliasrobotics.com/week-of-universal-robots-bugs-exposing-insecurity/
- Press kit shorturl.at/ajxUY
- Alias Robotics security F.A.Q. https://aliasrobotics.com/faq.php