Abstract:
Industrial robots and their simulation software are widely used in manufacturing. Even though compromised physical robots pose a significant safety and financial risk, their security is hardly studied. We created an attacker model considering the differences between simulated and physical robots. With this model, we analyzed the security of Roboguide, a simulation software for programming Fanuc robots. In our analysis, we focused on the security of the virtual robot. As a result, we found 32 vulnerabilities, of which we expect 28 to also affect physical robots. Attackers can use these vulnerabilities to manipulate movement, disable safety features, perform denial of service attacks, and take control of the computer running Roboguide. These vulnerabilities indicate that Fanuc needs to prioritize the security of its products more. Our analysis also demonstrates that a security analysis using simulation software is feasible.