When the cybersecurity industry warns of digital threats to the “internet of things,” the targets that come to mind are ill-conceived, insecure consumer products like hackable lightbulbs and refrigerators. But one group of researchers has shown how hackers can perform far more serious physical sabotage: tweaking an industrial robotic arm to cost millions of dollars worth of product defects, and possibly to damage the machinery itself or its human operator.
Researchers at the security firm Trend Micro and Italy’s Politecnico Milano have spent the last year and a half exploring that risk of a networked and internet-connected industrial robot. At the IEEE Security & Privacy conference later this month, they plan to present a case study of attack techniques they developed to subtly sabotage and even fully hijack a 220-pound industrial robotic arm capable of wielding gripping claws, welding tools, or even lasers. The ABB IRB140 they compromised has applications in everything from automotive manufacturing to food processing and packaging to pharmaceuticals.