Low Cost AMR1 Case Study

Other case studies

What is threat modeling?

Threat modeling is a structured exercise that leverages abstractions and real-world data to detect potential risks. This process identifies potential attackers, their capabilities, resources, and intended objectives. In this study, threat modeling is applied to analyze each platform's implementation, detect security vulnerabilities, and offer practical solutions or workarounds based on real-world usage scenarios.

Threat modeling is crucial for developing robust security defenses and generally answers the following key questions:

  • What is your curent cybersecurity status?
  • What can go wrong? Could it lead to a major loss or impact?
  • What steps can be taken to improve the system’s security?

Objective

This case study aims to conduct a preliminary analysis and provide practical recommendations to strengthen the cybersecurity of connected autonomous mobile robots (AMRs). The goal is to protect AMR systems, ensure user safety, and encourage a proactive approach toward cybersecurity. This approach is critical to addressing emerging threats and ensuring the reliable performance of AMRs in an evolving environment. The study also aligns with forthcoming regulations such as the Cyber Resilience Act for manufacturers and NIS2 for end users.

About low cost AMR1

Low cost AMR1 is a state-of-the-art autonomous mobile robot designed to optimize logistics and material handling in commercial environments. Its compact, agile design allows it to navigate complex layouts and confined spaces effectively. Low cost AMR1 stands out for its advanced capabilities compared to other alternatives.

Key features

  • Advanced navigation and obstacle-avoidance technology capable of autonomously transporting payloads up to XXX kg.
  • Adaptive motion planning that dynamically adjusts routes in environments shared with human operators.
  • Multiple safety features, including collision avoidance and dynamic obstacle detection.
  • Integration with existing on-site management systems, offering a control interface with a touchscreen.
  • Data connections for real-time status updates.

Despite these impressive features, cybersecurity remains an under-prioritized aspect of AMR design. Manufacturers often do not focus on security as a selling point, leaving these robots vulnerable to cyberattacks. To understand the attack surface of a robotic system, it is essential to conduct a threat modeling exercise to identify and mitigate cybersecurity risks.

low cost AMR1

Methodology

Cybersecurity has become essential for maintaining the safety and integrity of industrial applications, especially in complex, interconnected environments like the logistics industry. The growing connectivity and complexity of these systems significantly expand the attack surface, exposing Autonomous Mobile Robots (AMRs) to various cyber threats. These threats can compromise operational availability, lead to safety issues, and cause economic and reputational damage.

This report analyzes cybersecurity threats for the low cost AMR1 using the IEC 62443-4-2 standard, adapted for logistics. It identifies entry points, attack surfaces, and trust boundaries, providing insights into security risks and countermeasures. The standard's security categories help assess and mitigate potential threats in AMR applications.

Read more about threat modeling

Disclaimer

The names and details in this case study have been anonymized for confidentiality. This content is solely intended to highlight the general cybersecurity status of AMRs. Alias Robotics does not endorse, encourage, or promote unauthorized tampering with robotic systems, which may result in severe injury, significant property damage, and legal consequences.

Service & logistics applications

ARM1 Service & logistics applications

System architecture of low cost AMR1

Overview of the onboard architecture

Overview of the onboard architecture
  • Onboard computer system: The onboard computer serves as the central hub for managing operations. It features an industrial-grade PC running a Debian-based Linux distribution with ROS (Robot Operating System).
  • Wireless communication system: Includes WiFi, enabling connectivity with MS, updates, and synchronization with other robots. It also supports remote management, allowing operators to monitor status, receive alerts, and adjust commands in real time.
  • Safety systems:
  • Equipped with a LIDAR sensor for collision avoidance.
  • Two emergency stop buttons (E-Stop) for immediate shutdown.
  • A front-facing 3D depth camera for enhanced obstacle and human detection.
  • User interface and control panel: Features an Android-based IoT board with a touchscreen, enabling operators to monitor status, adjust settings, and run diagnostics. It offers a unified control experience with real-time updates, error reporting, and MS integration.
  • Navigation and path-planning algorithms: Utilizes a ROS-based navigation stack that allows it to adjust its route autonomously based on real-time environmental data.

Actors

End user
NIS2 sectors

Robot operator
Production manager

Defender
Alias Robotics

Architecture data flow

The architecture data flow diagram outlines how different components interact and exchange information within the system. It highlights critical assets and their connections, providing insight into potential vulnerabilities.

Diagram architecture data flow

Trust boundaries

A trust boundary marks areas where multiple entities with different privileges interact. Systems with numerous external interfaces have more complex trust boundaries and larger attack surfaces. The following are the trust boundaries identified in this study:

  • TB1 – AGV
  • TB2 - Wireless 1
  • TB3 - Wireless 2
  • TB4 - TouchScreen
  • TB5 - Outside world
Diagrama 3

Entry points

Identified entry points where a malicious actor could initiate an attack:

  • EP1 (USB): Physical USB port, crossing from the Outside World to the AMR.
  • EP2 (Wi-Fi): Wireless communication, crossing from Outside World to Wireless 1
  • EP3 (Wi-Fi): Wireless communication, crossing from Outside World to Wireless 2.
  • EP4 (Physical): Wired communication, crossing from Outside World to TouchScrees.
Diagrama 4

Risk analysis and feasible attacks

Alias Robotics identified several possible attach pathways affecting PREMIUM AMR1:

  • Malware Injection via USB
  • Man-in-the-Middle (MITM) Attack on the wireless network
  • Unauthorized Access through the web-based management interface
  • ROS Node Compromise
Diagrama 5

Conclusions

Low cost AMR1 is a highly capable industrial-grade robot with an expanded attack surface, making it a potential target for cybercriminals. Conducting a threat modeling exercise is essential to comply with industrial cybersecurity standards (IEC 62443 Part 4) and mitigate risks effectively.

The next step involves cybersecurity testing of the identified threat landscape to ensure comprehensive protection. Cybersecurity is an iterative process that must be revisited periodically as threats evolve.

Alias Robotics is a leading provider of robot security solutions. Contact us to learn how we can help secure your robotic systems.

Co-Funded by the EIC Accelerator Project – GA 101161136

EIC Co-Funded by Quadri