Guarding the Factory Floor: Catching Insecure Industrial Robot Programs


What if a perfectly patched industrial manufacturing machine can still harbor vulnerabilities where no one is looking? What if the powerful programming languages used to program these machines can go beyond simple movement instructions, and actually allow threat actors to hide malware in the logic? Industrial robot OEMs provide proprietary, legacy programming languages to automate these complex machines. While mostly offering movement primitives, these programming languages also give access to low-level system resources like files and network sockets, and some even allow memory and program pointer access. While useful, these features may lead to insecure programming patterns such as input-validation vulnerabilities. They're also powerful enough to allow the implementation of advanced malware functionalities, with an underlying runtime environment that provides no resource isolation. After going through the technical features of the languages from eight leading OEMs, we'll share cases of vulnerable and malicious usage. We'll then present a static code analyzer that we created and patented, to scan robotic programs and discover unsafe code patterns. Our evaluation on 100 automation task program files shows that insecure patterns are indeed found in real-world code, and that static source code analysis is an effective defense tool in the short term.

Sep 12, 2020 12:00 AM