Revision history [back]

Since this forum is for users of ROS, I'll answer your question within the context of ROS. Other robotic software frameworks may provide more or less security features.

I'm acutely aware that someone might attack the computer within a robot, and cause it to do something that it shouldn't do. This might include disabling it, causing it to perform incorrectly, damage itself, damage it's surroundings, or injure somewhere nearby. Most of the research robots that run ROS are small and their size limits the damage that they can do, but some of the larger industrial arms that are used for manufacturing could do significant damage. (that said, most industrial arms currently do not run ROS and are not usually connected to the internet).

ROS provides no security features by default. No encryption, no authentication, and no sender verification. A malicious user on the same network as a robot running ROS will probably be able to see most of all of the robot's data, send commands, and generally cause bad things to happen. As a result, most ROS robots are run on networks which have a firewall, so that they cannot be accessed from the outside world. When robots do need to communicate over the internet using ROS, users usually deploy a VPN, so that the robot and its data are not accessible from other computers on the internet. For robots that exist on public networks and which don't need to communicate with any external computers, the host-level firewall can be configured to block all incoming traffic on the ports that ROS uses.

Given the complete lack of security features, I don't think there has been any analysis to look for security vulnerabilities such as buffer overflows or remote code execution possibilities within ROS.