Robot
penetration testing

Robot
penetration testing

Penetration Testing (pentesting or PT) is an on-site (either in your office or in ours) offensive activity that seeks to find as many robot vulnerabilities as possible to risk-assess, prioritize and mitigate them. Relevant attacks are performed on the robot in order to confirm flaws including erratic behavior.

This exercise is effective at providing a thorough list of vulnerabilities and improvements to be made, and should ideally be performed before shipping a product.

Attention This type of assessment is generally performed in a black-boxed manner where Alias doesn't have access to additional resources except what's publicly available.

See how it is done


Get now!

Why do you need robot pentesting?

Robot penetration testing allows you to get a realistic and practical input of how vulnerable your robot is within a scope. We challenge the security of your robotic technology, find as many vulnerabilities as possible and develop exploits to take advange of them.

report

The output is a report that contains:

Simplified threat model

to understand the threat landscape

(and drive the exercise)

List of flaws found

security vulnerabilities and weaknesses

(within a scope)

Risk assessment

and criticality of each flaw

(using scoring systems)

Provision exploits

and recommended mitigations

(for vulnerabilities)

Process
of robot
pentesting

1st step Kick-off and scope Our engineers meet your team, explain our approach and further discuss the scope to use during the assessment. 2nd step Information gathering We social engineer and footprint the robot or robot component in search for evidence that allows us to determine its characteristics. 3rd step Threat modeling We develop a simplified threat model identifying and reporting security threats which helps determining design flaws. 4th step Testing and vulnerability analysis We search and discover security flaws using both static and dynamic analysis techniques. 5th step Vulnerability exploitation Having identified security flaws, we develop custom exploits and test them against the robotic technology. 6th step Risk assessment For each exploitable flaw, we follow security standards and assess its risk and severity. 7th step Recommendations For each confirmed flaw, provide mitigation recommendations and facilitate reproduction. obtain written recommendations from the penetration testing company and have an opportunity to review the findings from the report with the ethical hacker(s). The findings and detailed explanations from the report will offer you insights and opportunities to significantly improve your security posture. The report should show you exactly how entry points were discovered from the OSINT and Threat Modeling phase as well as how you can remediate the security issues found during the Exploitation phase. 8th step Results and discussion Final meeting with the client where we present the results and advice on appropriate actions. Start! Get your results
1st step Kick-off and scope Our engineers meet your team, explainour approach and further discuss thescope to use during the assessment. 2nd step Information gathering We social engineer and footprint the robot orrobot component in search for evidence thatallows us to determine its characteristics. 5th step Vulnerability exploitation Having identified security flaws, we develop custom exploits and testthem against the robotic technology. 7th step Report Final meeting with the client wherewe present the results and adviceon appropriate actions. 6th step Risk assessment For each exploitable flaw,we follow security standards andassess its risk and severity. 3rd step Threat modeling We develop a simplified threat modelidentifying and reporting security threatswhich helps determining design flaws. 4th step Testing and vulnerability analysis We search and discover security flawsusing both static and dynamic analysistechniques.

Look at some
examples

report

Penetration testing: Mobile industrial Robots (MiR) in healthcare and industry

After months of failed interactions with MIR and while trying to help secure their robots, Alias decided to empower end-users of Mobile Industrial Robots’ with information and disclosed preliminary results. This case study illustrates the information made available and the consequences of the insecurity.

Read more
report

Penetration testing: UR3, UR5 & UR10 collaborative robots security testing

This attack case study presents the penetration testing exercise conducted during the Week of Universal Robots’ Bugs. Our team challenged the security of these robots and developed exploits for identified vulnerabilities, across different firmware versions.

Read more
report

Penetration testing:
commercial drones

We pentest one of the most popular aerial robots, the DJI Mavic Pro drone and find more than 130 security flaws. Our results indicate that DJI's Bug Bounty program doesn't seem to operate any further and discloses 6 of the triaged flaws assessing their severity.

Read more
report

Penetration testing: KUKA robots
in industry

In cooperation with KUKA, the german Federal Cyber Security Authority (BSI) or the Spanish National Cybersecurity Institute (INCIBE) among others, we pentest KUKA's robots and responsibly disclose results hinting that further work is required to protect against hazards.

Read more
report

Penetration testing: ABB robots
in industry

In cooperation with ABB, we tackled several security flaws identified in real deployed robots. We learned that while ABB cares about cyber security, many "older" ABB systems are flawed by both new (0-days) and old vulnerabilities leading to security EoL products.

Read more
report

Penetration testing: a low cost
service robot

This cyber security case study shows how our team performed a short pentesting activity on a popular and rapidly growing low cost service robot, the UFactory's xArm. We study the xArm family of robots and report on the most representative security flaws.

Read more
report

Penetration testing: Humanoid
social robots

This study case presents the result of research and a posterior penetration testing exercise conducted on Softbank Robotics humanoid social robots. Building on top of past work, our team studied the security of these robots, and demonstrated the current insecurities.

Read more
report

Penetration testing: Low cost
commercial drone

This cyber security case study presents a brief penetration testing report alongside a novel exploit demonstration affecting the Tello Drone by Ryze and DJI.

Read more

Do you have
any questions?

Get in touch with our team and we'll do our best to get back to you.

Other services   Let's talk