Penetration Testing (pentesting or PT) is an on-site (either in your office or in ours) offensive activity that seeks to find as many robot vulnerabilities as possible to risk-assess, prioritize and mitigate them. Relevant attacks are performed on the robot in order to confirm flaws including erratic behavior.
This exercise is effective at providing a thorough list of vulnerabilities and improvements to be made, and should ideally be performed before shipping a product.
This type of assessment is generally performed in a black-box manner, where Alias has no access to additional resources beyond what is publicly available.
Robot penetration testing gives you realistic and practical input on how vulnerable your robot is within a scope. We challenge the security of your robotic technology, find as many vulnerabilities as possible and develop exploits to take advantage of them.
(and drive the exercise)
(within a scope)
(using scoring systems)
After months of failed interactions with MIR while trying to help secure their robots, Alias decided to empower end-users of Mobile Industrial Robots with information and disclosed preliminary results. This case study illustrates the information made available and the consequences of the insecurity.
This attack case study presents the penetration testing exercise conducted during the Week of Universal Robots’ Bugs. Our team challenged the security of these robots and developed exploits for identified vulnerabilities, across different firmware versions.
We pentest one of the most popular aerial robots, the DJI Mavic Pro drone, and find more than 130 security flaws. Our results indicate that DJI's Bug Bounty program no longer seems to operate, and we disclose 6 of the triaged flaws, assessing their severity.
In cooperation with KUKA, the German Federal Cyber Security Authority (BSI) and the Spanish National Cybersecurity Institute (INCIBE), among others, we pentest KUKA's robots and responsibly disclose results hinting that further work is required to protect against hazards.
In cooperation with ABB, we tackled several security flaws identified in real deployed robots. We learned that while ABB cares about cyber security, many "older" ABB systems are affected by both new (0-days) and old vulnerabilities, leading to security EoL products.
This cyber security case study shows how our team performed a short pentesting activity on a popular and rapidly growing low-cost service robot, UFactory's xArm. We study the xArm family of robots and report on the most representative security flaws.
This case study presents the results of research and a subsequent penetration testing exercise conducted on Softbank Robotics' humanoid social robots. Building on past work, our team studied the security of these robots and demonstrated their current insecurities.
This cyber security case study presents a brief penetration testing report alongside a novel exploit demonstration affecting the Tello Drone by Ryze and DJI.