Penetration Testing (pentesting or PT) is an on-site (either in your office or in ours) offensive activity that seeks to find as many robot vulnerabilities as possible to risk-assess, prioritize and mitigate them. Relevant attacks are performed on the robot in order to confirm flaws including erratic behavior.
This exercise is effective at providing a thorough list of vulnerabilities and improvements to be made, and should ideally be performed before shipping a product.
This type of assessment is generally performed in a black-boxed manner where Alias doesn't have access to additional resources except what's publicly available.
Robot penetration testing allows you to get a realistic and practical input of how vulnerable your robot is within a scope. We challenge the security of your robotic technology, find as many vulnerabilities as possible and develop exploits to take advange of them.
(and drive the exercise)
(within a scope)
(using scoring systems)
This attack case study presents the penetration testing exercise conducted during the Week of Universal Robots’ Bugs. Our team challenged the security of these robots and developed exploits for identified vulnerabilities, across different firmware versions.
After months of failed interactions with MIR and while trying to help secure their robots, Alias decided to empower end-users of Mobile Industrial Robots’ with information and disclosed preliminary results. This case study illustrates the information made available and the consequences of the insecurity.
In cooperation with KUKA, the german Federal Cyber Security Authority (BSI) or the Spanish National Cybersecurity Institute (INCIBE) among others, we pentest KUKA's robots and responsibly disclose results hinting that further work is required to protect against hazards.