Robot
penetration testing

Robot
penetration testing

Penetration Testing (pentesting or PT) is an on-site (either in your office or in ours) offensive activity that seeks to find as many robot vulnerabilities as possible to risk-assess, prioritize and mitigate them. Relevant attacks are performed on the robot in order to confirm flaws including erratic behavior.

This exercise is effective at providing a thorough list of vulnerabilities and improvements to be made, and should ideally be performed before shipping a product.

Attention This type of assessment is generally performed in a black-boxed manner where Alias doesn't have access to additional resources except what's publicly available.

See how it is done


Get now!

Why do you need robot pentesting?

Robot penetration testing allows you to get a realistic and practical input of how vulnerable your robot is within a scope. We challenge the security of your robotic technology, find as many vulnerabilities as possible and develop exploits to take advange of them.

report

The output is a report that contains:

Simplified threat model

to understand the threat landscape

(and drive the exercise)

List of flaws found

security vulnerabilities and weaknesses

(within a scope)

Risk assessment

and criticality of each flaw

(using scoring systems)

Provision exploits

and recommended mitigations

(for vulnerabilities)

Process
of robot
pentesting

1st step Kick-off and scope Our engineers meet your team, explain our approach and further discuss the scope to use during the assessment. 2nd step Information gathering We social engineer and footprint the robot or robot component in search for evidence that allows us to determine its characteristics. 3rd step Threat modeling We develop a simplified threat model identifying and reporting security threats which helps determining design flaws. 4th step Testing and vulnerability analysis We search and discover security flaws using both static and dynamic analysis techniques. 5th step Vulnerability exploitation Having identified security flaws, we develop custom exploits and test them against the robotic technology. 6th step Risk assessment For each exploitable flaw, we follow security standards and assess its risk and severity. 7th step Recommendations For each confirmed flaw, provide mitigation recommendations and facilitate reproduction. obtain written recommendations from the penetration testing company and have an opportunity to review the findings from the report with the ethical hacker(s). The findings and detailed explanations from the report will offer you insights and opportunities to significantly improve your security posture. The report should show you exactly how entry points were discovered from the OSINT and Threat Modeling phase as well as how you can remediate the security issues found during the Exploitation phase. 8th step Results and discussion Final meeting with the client where we present the results and advice on appropriate actions. Start! Get your results
1st step Kick-off and scope Our engineers meet your team, explainour approach and further discuss thescope to use during the assessment. 2nd step Information gathering We social engineer and footprint the robot orrobot component in search for evidence thatallows us to determine its characteristics. 5th step Vulnerability exploitation Having identified security flaws, we develop custom exploits and testthem against the robotic technology. 7th step Report Final meeting with the client wherewe present the results and adviceon appropriate actions. 6th step Risk assessment For each exploitable flaw,we follow security standards andassess its risk and severity. 3rd step Threat modeling We develop a simplified threat modelidentifying and reporting security threatswhich helps determining design flaws. 4th step Testing and vulnerability analysis We search and discover security flawsusing both static and dynamic analysistechniques.

Look at some
examples

report

Penetration testing: UR3, UR5 and UR10 collaborative robots security testing

This attack case study presents the penetration testing exercise conducted during the Week of Universal Robots’ Bugs. Our team challenged the security of these robots and developed exploits for identified vulnerabilities, across different firmware versions.

Read more
report

Penetration testing: Mobile industrial Robots (MiR) in healthcare and industry

After months of failed interactions with MIR and while trying to help secure their robots, Alias decided to empower end-users of Mobile Industrial Robots’ with information and disclosed preliminary results. This case study illustrates the information made available and the consequences of the insecurity.

Read more
report

Penetration testing: KUKA Robot
case study

In cooperation with KUKA, the german Federal Cyber Security Authority (BSI) or the Spanish National Cybersecurity Institute (INCIBE) among others, we pentest KUKA's robots and responsibly disclose results hinting that further work is required to protect against hazards.

Read more

Do you have
any questions?

Get in touch with our team and we'll do our best to get back to you.

Other services   Let's talk