Small Wonder: Uncovering Planned Obsolescence Practices in Robotics and What This Means for Cybersecurity

Abstract

Security in robotics is nothing really new if one considers modern OT and IT approaches, and most security practices translate directly to robots. However, there’s almost no security culture amongst robot makers. Building a robot requires careful selection of components that interact across networks while meeting timing deadlines. It isn’t uncommon for robot components to be compromised or fail over time, leading to complete system malfunction. Given the expensive prices of these machines (we focus on robots in the 25K-70K USD range), it’s only reasonable to consider the need for securing and repairing robots. We introduce and promote systematic “robot teardown” as an approach to repair robots by understanding their internals (still obscure). Needless to say, robot teardown is an essential practice in robot security. We show several “tricks from the trade” and the legal implications learned by porting reverse-engineering practices into the less-explored field of robotics. We explain how we a) discovered more than 90 security vulnerabilities in robots from Teradyne (MiR and UR) over a period of two years (never discussed publicly before), b) gained repairing capabilities on these robots, c) show evidence of planned obsolescence by comparing two sequentially released robot controllers, and d) demonstrate how robot hacking leads us to repurpose an older controller (previous version) from Universal Robots with their newer robots (arms) maintaining full capabilities and demonstrating that there’s no need to re-spend thousands of dollars again. Similar to Ford in the 1920s with cars, most robot manufacturers nowadays employ planned obsolescence practices and organize dealers and system integrators into “private networks”, providing repair parts only to “certified” companies to make repairs more difficult and evade competition. We wrap up by advocating for a “Right to Repair’’ in robotics to reduce robot e-waste and promote systematic teardowns for the benefit of security research.

Date
Jul 31, 2021 12:00 AM
Location
Las Vegas, US