ROS Resources: Documentation | Support | Discussion Forum | Index | Service Status | ros @ Robotics Stack Exchange
Ask Your Question
6

Security Vulnerabilities in ROS

asked 2013-12-04 05:52:06 -0600

GreatSuccess gravatar image

As far as I'm aware, when a ROS master starts up on a machine, it opens a port for any network machine to attach to. This means that any machine with a route to the ROS machine can freely ask that ROS master for anything it has control over, for example, setting up ROSTCP/UDP connections with nodes running under that master. From an exploiter's point of view, this means that one has access to many avenues of exploitation on a machine running ROS. In the worst case, if a node running with sufficient privilege can potentially allow for an exploiter to run arbitrary code on the ROS machine with administrative privileges. Even on your average case, an exploiter can ask to connect to a topic such as a velocity command on a ROS system connected to mechanical hardware and actually manipulate hardware.

Are there any security measures in place for preventing this kind of situation? If not, are there any plans for adding measures, for example: credentials, to future distros of ROS?

edit retag flag offensive close merge delete
add a comment

4 Answers

Sort by ยป oldest newest most voted
3

answered 2013-12-04 05:55:22 -0600

dornhege gravatar image

Your observations are correct. There are no authentication mechanisms that I know of.

The usual answer/solution is: Put it in a VPN.

edit flag offensive delete link more

Comments

A VPN would be fine for a single machine, but this approach could get clunky for weaker computers (i.e. running ROS on a RasberryPi, Beagleboard, Panda etc). This could also be troublesome for multi-robot systems.

GreatSuccess gravatar image GreatSuccess  ( 2013-12-04 06:40:22 -0600 )edit
add a comment
2

answered 2016-10-15 00:02:44 -0600

ruffsl gravatar image

I know this is an old question, but I'm going to respond here for visibility.
Please check out the new SROS project for new developments to secure ROS.
You can read more about the announcement here:
http://discourse.ros.org/t/announcing-sros-security-enhancements-for-ros/536

edit flag offensive delete link more
add a comment
2

answered 2015-01-22 14:22:29 -0600

DavidV gravatar image

A VPN, which is tunneled encrypted traffic, is a good start. But, I'm concerned that users may believe that this provides all the needed cyber security for the robotic system. There are numerous other network security issues with which to contend. For instance, the VPN implementation itself may have vulnerabilities. Another major issue is that if a single node in a network of platforms connected by VPN is compromised, then that platform can serve as the conduit for an attacker to jump from one platform to the next. All within the security of the provided VPN.

edit flag offensive delete link more
add a comment
0

answered 2016-10-18 02:40:21 -0600

Natty gravatar image

Thanks Ruffsl,

Could you please provide time of availability in production-grade?

Thanks!

edit flag offensive delete link more

Comments

It mainly depends on the level of community participation. Morgan and myself developed the current state of SROS in about 3 months, time spent deliberating experimental implementations, exploring features. Now comes the more structured steps; standardising a REP, unit testing, rosccp support etc.

ruffsl gravatar image ruffsl  ( 2016-10-21 18:58:16 -0600 )edit
add a comment

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2013-12-04 05:52:06 -0600

Seen: 3,340 times

Last updated: Oct 15 '16

Related questions

How to check if ROS-Master is running from rosjava

Launching with parameters (was "How to block until a master is running")

Possible to communicate with new master without process restart?

rosmaster unresponsive

Clarity on ROS Master

error on connecting gazebo with android app [closed]

rostopic not showing data electric

Husky A200 crashed after Ubuntu 12.04 and Fuerte update

Will this Project be possible? / ROS Time Syncronisation

How can I get all currently running nodes from the master in rosjava?

ROS Answers is licensed under Creative Commons Attribution 3.0 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2