Pierluigi Paganini January 28, 2019

Experts from Alias Robotics released a free, open-source tool dubbed Aztarna that could be used to find vulnerable robots.

A group of experts working a startup focused on robot cybersecurity has released a free, open-source framework dubbed Aztarna that could be used find vulnerable robots that could have been exposed online or inside an industrial environment.

The team of experts works for the cybersecurity firm Alias Robotics, the
Aztarna framework was designed to find vulnerable industrial routers and robots powered by ROS (Robot Operating System), SROS (Secure ROS) and other technologies.

“aztarna is an open source instrument developed by Alias Robotics, ready to be used by security researchers interested in robot footprinting. It allows to find robots powered by ROS, SROS and other robot technologies.” reads a blog post published by the experts,

Aztarna works as a classic port scanning tool and compares results with a built-in database of fingerprints for industrial devices from major vendors.

The tool is able to scan most popular industrial routers, including Ewon, Moxa, Westermo and Sierra Wireless manufacturers, for known flaws and misconfigurations.

The experts found close to 9000 insecure industrial routers in a first scan, 1586 of them in Europe, most misconfigured systems were in France (63%) and Spain (54%). The largest number of industrial routers detected was in the North American countries, with poor security settings in  36% in the US and 41% in Canada.

Anyone could contribute to the project by adding more fingerprints and patterns to support new robot components.

Researchers Alias Robotics informed the owners of the vulnerable robots about their discovery.

“Overall, we conclude that aztarna responds to the need of auditing robot security. As ROS is becoming the de facto standard in robot programming, more and more robots are being exposed everyday. The footprinting techniques on ROS are specially dangerous, because once detected and footprinted, ROS powered systems are inherently vulnerable. Existing robot security mitigations, such as SROS, are not used extensively.” concludes the research paper published by the experts.

“The present study reports mainly research robots aligned with prior art, but we have reported the footprinting of professional robots as well. We have discovered an array of internetconnected unprotected industrial routers, that could potentially host robots. There is an unresolved gap in robotics cybersecurity which would greatly benefit from releasing the first auditing tools.”

Pierluigi Paganini

(SecurityAffairs – Aztarna, hacking)

[adrotate banner=”5″] [adrotate banner=”13″]