RedROS-I


The RedROS-I project aims to provide an Offensive Security Enhancement for ROS-Industrial, bringing together the best operating workflow of a Red Team devoted to ROS cybersecurity, with particular emphasis on ROS-Industrial packages.
The RedROS-I exercises will comprise 4 distinct phases, namely Reconnaissance, Enumeration, Exploitation and Documentation, carried out over selected ROS-Industrial packages. RedROS-I aims to (1) improve safety mechanisms, ensure that they are not compromised by security flaws, and raise awareness among manufacturers; (2) reduce the likelihood of attackers gaining access to ROS-I systems; and (3) provide open material on security assessments of industrial robots and propose mechanisms to mitigate potential intrusions.

 

Update (April 19′)

Milestone 1 includes a complete security assessment of the FANUC, ABB and KUKA ROS-Industrial drivers. Additionally, RedROS-I created a method for footprinting ROS-Industrial packages, mimicking the reconnaissance phase of an attacker. The footprinting method is packaged in Aztarna, an open source tool for auditing robot security. The tool is written in Python 3 and is essentially a port-scanning tool that focuses not only on ROS and SROS systems, but also on footprinting the industrial routers behind which robots operate. Aztarna provides the following for each kind of target:

For ROS

  • A list of the ROS nodes present in the system (Publishers and Subscribers)
  • For each node, the published and subscribed topics, including the topic type
  • For each node, the ROS services it offers
  • A list of all ROS parameters present in the Parameter Server
  • A list of the active communications running in the system. A single communication includes the involved publisher/subscriber nodes and the topics
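
To make the ROS items above concrete, the following added example (not Aztarna's code, and not from the RedROS-I project) builds the per-node view and the list of active communications from a system-state structure shaped like the payload of the ROS Master API `getSystemState` call, then compares the observed nodes against an expected baseline when auditing your own system. The sample state, the node and topic names, and the helper names `summarize` and `unexpected_nodes` are assumptions made for illustration; topic types and parameters are not covered.

```python
from collections import defaultdict

# Constructed sample in the shape of the getSystemState payload:
# [publishers, subscribers, services], each a list of [name, [node, ...]].
SAMPLE_STATE = [
    [["/joint_states", ["/robot_state"]],
     ["/rosout", ["/robot_state", "/motion_streamer"]]],
    [["/joint_states", ["/motion_streamer"]],
     ["/joint_path_command", ["/motion_streamer"]],
     ["/rosout", ["/rosout"]]],
    [["/stop_motion", ["/motion_streamer"]]],
]


def summarize(state):
    """Return (per-node view, sorted list of (publisher, topic, subscriber))."""
    publishers, subscribers, services = state
    nodes = defaultdict(
        lambda: {"publishes": set(), "subscribes": set(), "services": set()}
    )
    sections = (("publishes", publishers),
                ("subscribes", subscribers),
                ("services", services))
    for key, entries in sections:
        for name, node_list in entries:
            for node in node_list:
                nodes[node][key].add(name)

    # A communication exists when a topic has both a publisher and a subscriber.
    subs_by_topic = {topic: node_list for topic, node_list in subscribers}
    comms = set()
    for topic, pubs in publishers:
        for pub in pubs:
            for sub in subs_by_topic.get(topic, ()):
                comms.add((pub, topic, sub))
    return dict(nodes), sorted(comms)


def unexpected_nodes(nodes, baseline):
    """Nodes seen in the graph that are absent from the operator's baseline."""
    return sorted(set(nodes) - set(baseline))


if __name__ == "__main__":
    node_view, communications = summarize(SAMPLE_STATE)
    for pub, topic, sub in communications:
        print(f"{pub} --[{topic}]--> {sub}")
    print("not in baseline:",
          unexpected_nodes(node_view, {"/robot_state", "/rosout"}))
```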

For SROS

  • Determining if the system is an SROS master.
  • Detecting if demo configuration is in use.
  • A list of the nodes found in the system. (Extended mode)
  • A list of allow/deny policies for each node.
    • Publishable topics.
    • Subscriptable topics.
    • Executable services.
    • Readable parameters.

For Industrial routers

  • Detecting eWON, Moxa, Sierra Wireless and Westermo industrial routers.
  • Default credential checking for found routers.

For ROS Industrial packages (funded under the ROSIN project, RedROS-I)

  • Detection of ROS Industrial Hosts.
  • Manufacturers:
    • ABB
    • Fanuc
    • Kuka

Disclaimer:

Alias Robotics supports original robot manufacturers in assessing their security and improving the quality of their software. By no means do we encourage or promote unauthorized tampering with running robotic systems. This can cause serious human harm and material damage.