ROS Resources: Documentation | Support | Discussion Forum | Index | Service Status | ros @ Robotics Stack Exchange
Ask Your Question

Cyber security of robotic systems

asked 2015-01-23 14:20:05 -0500

DavidV gravatar image

Robotic systems are essentially computing platforms connected to hardware devices such as sensors and actuators. As such, they are susceptible to cyber attack just as other computing platforms. The risk with robotic systems can be far greater as these cyber-physical systems can do physical harm if hacked. As robotic systems become networked and connected to the Internet, this becomes a new path for cyber attack.

What concerns are there regarding cyber attack on robotic systems? What cyber security measures are implemented in robotic systems? Is there a concern about network attack?

Lastly, what's the worst thing that could happen if your robot was taken over by hackers?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2015-01-23 15:35:40 -0500

ahendrix gravatar image

Since this forum is for users of ROS, I'll answer your question within the context of ROS. Other robotic software frameworks may provide more or less security features.

I'm acutely aware that someone might attack the computer within a robot, and cause it to do something that it shouldn't do. This might include disabling it, causing it to perform incorrectly, damage itself, damage it's surroundings, or injure somewhere nearby. Most of the research robots that run ROS are small and their size limits the damage that they can do, but some of the larger industrial arms that are used for manufacturing could do significant damage. (that said, most industrial arms currently do not run ROS and are not usually connected to the internet).

ROS provides no security features by default. No encryption, no authentication, and no sender verification. A malicious user on the same network as a robot running ROS will probably be able to see most of all of the robot's data, send commands, and generally cause bad things to happen. As a result, most ROS robots are run on networks which have a firewall, so that they cannot be accessed from the outside world. When robots do need to communicate over the internet using ROS, users usually deploy a VPN, so that the robot and its data are not accessible from other computers on the internet. For robots that exist on public networks and which don't need to communicate with any external computers, the host-level firewall can be configured to block all incoming traffic on the ports that ROS uses.

Given the complete lack of security features, I don't think there has been any analysis to look for security vulnerabilities such as buffer overflows or remote code execution possibilities within ROS.

edit flag offensive delete link more


One piece about this I'd like to highlight more is that not all attacks are intended to take control/extract sensitive data/etc. Simply disabling a device, even a small one without much potential to cause physical damage or harm, could cause significant collateral damage simply because the device is no longer able to perform its normal job.

slee-b gravatar image slee-b  ( 2020-01-23 13:29:32 -0500 )edit

answered 2016-04-01 03:05:39 -0500

ideechaniz gravatar image

Some research on authentication was done here:

"Message Authentication Codes for Secure Remote Non-Native Client Connections to ROS Enabled Robots" by Russell Toris and Craig Shue and Sonia Chernova

edit flag offensive delete link more

Question Tools

1 follower


Asked: 2015-01-23 14:20:05 -0500

Seen: 1,740 times

Last updated: Jan 23 '15