Robot
penetration testing

Robot
penetration testing

On-site (either in your office or in ours) direct robot hacking. Relevant attacks are performed on the robot in order to confirm flaws including or erratic behavior.

This exercise produces a realistic output and allows Alias Robotics' engineers to provide a direct practical assessment of the robot insecurities.

Attention This type of assessment is generally performed in a black-boxed manner where Alias doesn't have access to additional resources except what's publicly available.

See how it is done


Get now!

Why do you need robot pentesting?

Robot penetration testing allows you to get a realistic and practical input of how vulnerable your robot is within a scope. We challenge the security of your robots and exploit the identified vulnerabilities and weaknesses.

report

The output is a report that contains:

Robot attacks

performed and the corresponding findings

(for each flaw)

Simplified reproduction

instructions to replicate issues

(required for mitigation)

Criticality

using scoring systems

(e.g. RVSS or CVSS)

Provision exploits

and recommended mitigations

(for vulnerabilities)

Process
of robot
pentesting

1st step Kick-off and scope Our engineers meet your team, explain our approach and further discuss the scope to use during the assessment. 2nd step Reconnaissance and info acquisition We footprint and fingerprint the robot or robot component in search for evidence that allows us to determine its characteristics. 3rd step Weaponization and testing We test statically and dynamically your robot while we look for security flaws, determining a list of bugs that could compromise it. 4th step Cyber-intrusion and exploitation Having identified security flaws, we develop and deliver custom exploits, entering the robot and documenting it. 5th step Privilege escalation Once we've entered the robot, our engineers attempt to escalate privileges to obtain complete control. 6th step Lateral movement Robots are systems of systems, in this step we attempt to jump from one to another, growing our presence. 7th step Exfiltration With control over the robotics system we exfiltrate (extract) sensitive data including IP and other assets. 8th step Control The control step involves creating specific payloads that adapt to the robot and selectively commanding it as desired. 9th step Results and discussion Final meeting with the client where we present the results and advice on appropriate actions. Start! Get your report
1st step Kick-off and scope Our engineers meet your team, explainour approach and further discuss thescope to use during the assessment. 2nd step Reconnaissance and info acquisition We footprint and fingerprint the robot or robotcomponent in search for evidence that allowsus to determine its characteristics. 5th step Privilege escalation Once we've entered the robot, our engineers attempt to escalateprivileges to obtain complete control. 8th step Control The control step involves creating specificpayloads that adapt to the robot andselectively commanding it as desired. 7th step Exfiltration With control over the robotics systemwe exfiltrate (extract) sensitive dataincluding IP and other assets. 6th step Lateral movement Robots are systems of systems, in this stepwe attempt to jump from one to another,growing our presence. 9th step Results and discussion Final meeting with the client where we presentthe results and advice on appropriateactions. 3rd step Weaponization and testing We test statically and dynamically your robotwhile we look for security flaws, determininga list of bugs that could compromise it. 4th step Cyber-intrusion and exploitation Having identified security flaws, we developand deliver custom exploits, entering therobot and documenting it.

Look at some
examples

report

Penetration testing: UR3, UR5 and UR10 collaborative robots security testing

This attack case study presents the penetration testing exercise conducted during the Week of Universal Robots’ Bugs. Our team challenged the security of these robots and developed exploits for identified vulnerabilities, across different firmware versions.

Read more
report

Penetration testing: Humanoid
social robots

This study case presents the result of research and a posterior penetration testing exercise conducted on Softbank Robotics humanoid social robots. Building on top of past work, our team studied the security of these robots, and demonstrated the current insecurities.

Read more
report

Penetration testing: KUKA Robot
case study

In cooperation with KUKA, the german Federal Cyber Security Authority (BSI) or the Spanish National Cybersecurity Institute (INCIBE) among others, we pentest KUKA's robots and responsibly disclose results hinting that further work is required to protect against hazards.

Read more

Do you have
any questions?

Get in touch with our team and we'll do our best to get back to you.

Other services   Let's talk