
What is threat modeling?

Threat modeling is a structured exercise that leverages abstractions and real-world data to detect potential risks. This process identifies potential attackers, their capabilities, resources, and intended objectives. In this study, threat modeling is applied to analyze each platform's implementation, detect security vulnerabilities, and offer practical solutions or workarounds based on real-world usage scenarios.

Threat modeling is crucial for developing robust security defenses and generally answers the following key questions:

  • What is your current cybersecurity status?
  • What can go wrong? Could it lead to a major loss or impact?
  • What steps can be taken to improve the system’s security?

Objective

This case study aims to conduct a preliminary analysis and provide practical recommendations to strengthen the cybersecurity of connected autonomous mobile robots (AMRs). The goal is to protect AMR systems, ensure user safety, and encourage a proactive approach toward cybersecurity. This approach is critical to addressing emerging threats and ensuring the reliable performance of AMRs in an evolving environment. The study also aligns with forthcoming regulations such as the Cyber Resilience Act for manufacturers and NIS2 for end users.

About low cost AMR1

Low cost AMR1 is a cutting-edge autonomous mobile robot designed to enhance logistics and material handling in commercial environments. With its compact and agile design, it easily navigates complex layouts and tight spaces. Low cost AMR1 distinguishes itself through its advanced features, intelligent navigation, and excellent performance compared to other cost-effective solutions.

Key features

  • Advanced navigation and obstacle-avoidance technology capable of autonomously transporting payloads up to XXX kg.
  • Adaptive motion planning that dynamically adjusts routes in environments shared with human operators.
  • Multiple safety features, including collision avoidance and dynamic obstacle detection.
  • Seamless integration with existing on-site management systems, providing operators with a user-friendly control interface featuring an intuitive touchscreen display.
  • Data connections for real-time status updates.

Despite these impressive features, cybersecurity remains an under-prioritized aspect of AMR design. Manufacturers often do not focus on security as a selling point, leaving these robots vulnerable to cyberattacks. To understand the attack surface of a robotic system, it is essential to conduct a threat modeling exercise to identify and mitigate cybersecurity risks.

Methodology

Cybersecurity has become essential for maintaining the safety and integrity of industrial applications, especially in complex, interconnected environments like the logistics industry. The growing connectivity and complexity of these systems significantly expand the attack surface, exposing Autonomous Mobile Robots (AMRs) to various cyber threats. These threats can compromise operational availability, lead to safety issues, and cause economic and reputational damage.

This report analyzes cybersecurity threats for the low cost AMR1 using the IEC 62443-4-2 standard, adapted for logistics. It identifies entry points, attack surfaces, and trust boundaries, providing insights into security risks and countermeasures. The standard's security categories help assess and mitigate potential threats in AMR applications.


Disclaimer

The names and details in this case study have been anonymized for confidentiality. This content is solely intended to highlight the general cybersecurity status of AMRs. Alias Robotics does not endorse, encourage, or promote unauthorized tampering with robotic systems, which may result in severe injury, significant property damage, and legal consequences.

Service & logistics applications


System architecture of low cost AMR1

Overview of the onboard architecture
  • Onboard computer system: The onboard computer serves as the central hub for managing operations. It features an industrial-grade PC running a Debian-based Linux distribution with ROS (Robot Operating System).
  • Wireless communication system: Includes WiFi, enabling connectivity with MS, updates, and synchronization with other robots. It also supports remote management, allowing operators to monitor status, receive alerts, and adjust commands in real time.
  • Safety systems:
      • Equipped with a LIDAR sensor for collision avoidance.
      • Two emergency stop buttons (E-Stop) for immediate shutdown.
      • A front-facing 3D depth camera for enhanced obstacle and human detection.
  • User interface and control panel: Features an Android-based IoT board with a touchscreen, enabling operators to monitor status, adjust settings, and run diagnostics. It offers a unified control experience with real-time updates, error reporting, and MS integration.
  • Navigation and path-planning algorithms: Utilizes a ROS-based navigation stack that allows it to adjust its route autonomously based on real-time environmental data.

Actors

End user
NIS2 sectors

Robot operator
Production manager

Defender
Alias Robotics

Architecture data flow

The architecture data flow diagram outlines how different components interact and exchange information within the system. It highlights critical assets and their connections, providing insight into potential vulnerabilities.


Trust boundaries

A trust boundary marks areas where multiple entities with different privileges interact. Systems with numerous external interfaces have more complex trust boundaries and larger attack surfaces. The following are the trust boundaries identified in this study:

  • TB1 - AGV
  • TB2 - Wireless 1
  • TB3 - Wireless 2
  • TB4 - TouchScreen
  • TB5 - Outside world

Entry points

Identified entry points where a malicious actor could initiate an attack:

  • EP1 (USB): Physical USB port, crossing from the Outside World to the AMR.
  • EP2 (Wi-Fi): Wireless communication, crossing from Outside World to Wireless 1.
  • EP3 (Wi-Fi): Wireless communication, crossing from Outside World to Wireless 2.
  • EP4 (Physical): Wired communication, crossing from Outside World to TouchScreen.
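
An added example, not part of the Alias Robotics study: a consistency check that parses the entry points in the wording used above, resolves every named boundary against the TB list, and rejects any name that matches no declared boundary. The `ALIASES` entry (reading "AMR" as TB1, AGV) and all function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Trust boundaries as listed in the case study.
TRUST_BOUNDARIES = {"TB1": "AGV", "TB2": "Wireless 1", "TB3": "Wireless 2",
                    "TB4": "TouchScreen", "TB5": "Outside world"}
# Assumption: the entry-point list says "AMR" for the vehicle that TB1 calls "AGV".
ALIASES = {"amr": "TB1"}
NAMES = {**{name.lower(): tb for tb, name in TRUST_BOUNDARIES.items()}, **ALIASES}

# Entry points as listed in the case study.
ENTRY_POINTS = [
    "EP1 (USB): Physical USB port, crossing from the Outside World to the AMR.",
    "EP2 (Wi-Fi): Wireless communication, crossing from Outside World to Wireless 1.",
    "EP3 (Wi-Fi): Wireless communication, crossing from Outside World to Wireless 2.",
    "EP4 (Physical): Wired communication, crossing from Outside World to TouchScreen.",
]
LINE = re.compile(
    r"^(EP\d+) \(([^)]+)\): .*?crossing from (?:the )?(.+?) to (?:the )?(.+?)\.?$")

def resolve(name):
    """Map a boundary name used in an entry point to its TB id, or fail loudly."""
    key = name.strip().lower()
    if key not in NAMES:
        raise ValueError(f"unknown trust boundary: {name!r}")
    return NAMES[key]

def parse_entry_point(line):
    """Return (id, interface, source TB, destination TB) for one entry-point line."""
    match = LINE.match(line.strip())
    if not match:
        raise ValueError(f"unparseable entry point: {line!r}")
    ep_id, interface, src, dst = match.groups()
    return ep_id, interface, resolve(src), resolve(dst)

def exposure(lines):
    """Group entry points by the boundary they cross into; list boundaries with none."""
    crossings = defaultdict(list)
    for line in lines:
        ep_id, interface, src, dst = parse_entry_point(line)
        crossings[dst].append((ep_id, interface, src))
    unreached = sorted(set(TRUST_BOUNDARIES) - set(crossings))
    return dict(crossings), unreached

if __name__ == "__main__":
    reached, unreached = exposure(ENTRY_POINTS)
    for tb_id in sorted(reached):
        print(tb_id, TRUST_BOUNDARIES[tb_id], reached[tb_id])
    print("no inbound entry point:", unreached)
```

Running a check like this whenever the model is revised keeps the entry-point list and the boundary list from drifting apart as interfaces are added or renamed.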

Risk analysis and feasible attacks

Alias Robotics identified several possible attack pathways affecting low cost AMR1:

  • Malware Injection via USB
  • Man-in-the-Middle (MITM) Attack on the wireless network
  • Unauthorized Access through the web-based management interface
  • ROS Node Compromise

Conclusions

  • Low cost AMR1 is a highly capable industrial-grade robot with an expanded attack surface, making it a potential target for cybercriminals. Conducting a threat modeling exercise is essential to comply with industrial cybersecurity standards (IEC 62443 Part 4) and mitigate risks effectively.
  • Threat modeling is essential to comply with IEC 62443 Part 4 and to mitigate cybersecurity risks effectively.
  • The next step is to conduct cybersecurity testing of the identified threat landscape.
  • Cybersecurity is an iterative process that must be revisited regularly as new threats emerge.
  • Alias Robotics is a leading provider of robotic cybersecurity solutions.
