A tool to combat security flaws affecting industrial robots

In the face of the explosion of cybersecurity, we had to find ways to deal with the problem of vulnerabilities that, as we know, cannot be eradicated out of hand.

In this context, IT security specialists are doing everything possible to deploy a range of means to combat these problems.

This article will also interest you: These digital tools that have allowed businesses to hold on

On the Trend Micro side, the solution came from tackling the problems from their roots. But this time with regard to attacks that target industrial networks, especially robots generally used in this sector. The Japanese computer security company decided to take an interest in the programming of its industrial tools. To do this, it has developed a tool with the aim of being able to initiate the audits of these industrial robots and automatons from their source code. A program that is adapted to the programming language used in the industry sector.

The pandemic that shook the world with coronavirus demonstrated how more fragile industrial systems and networks were than people thought. These infrastructures were as vulnerable as others to traditional cyber-malleneence. For example, during the month of August, the report provided by the Japanese computer security company to demonstrate that fraud to the president with a voucher of only 19 percent during the first half of 2020 compared to last year. In terms of ransomware attacks, they increased by 45% compared to last year alone in the first half of 2020. They have also seen the birth of new families of cyber criminals. As for the use of malware in cyberattacks, it is rather a decrease that has been observed by Trend Micro. The Japanese company later reported: "In just six months, Trend Micro has blocked 8.8 million Covid-19 threats."

Even if they are in a fairly isolated area of the traditional relationship between cybercrime and the organization system, it should nevertheless be said that computer networks and systems have continued and continue to be highly exposed to computer attacks.

According to research by the Japanese cybersecurity firm, an increase in security vulnerabilities was observed in the first half of 2020 to the tune of 16%, compared to the first half of 2019. This increase is happening on a recurring basis now over the last 5 years.

For this, trend Micro has developed in partnership with the Politecnico di Milano, a computer program in utility would detect vulnerabilities or malicious codes in the system of robots or industrial automatons. Enough to increase the security of these tools

The announcement was made at Black Hat USA in August. As described by Trend Micro during one of the world's largest cybersecurity events, their IT tool is supposed to address two major weaknesses identified. First the design sheets of robots and industrial automatons. "Robots weren't designed for their code to put safety in place," says Renaud Bidou, Trend Micro's Southern Europe technical director. Like the web a few years ago, before the arrival of URLs in https, for example, with SSL or TLS encryptions. ». According to the latter, the main mistake is "the overall architecture of the robot," he continues. Note, for example, that when an operating system is designed, it is programmed to allow each user to access it with a particular privilege in mind with unique access. However: "Industrial robots – or automated driving systems, for that matter – are designed so that everyone has all the rights to access everything." This makes them even more exposed to malware and cyberattacks.

"Unfortunately, there's not much we can do for existing systems," says Bidou. For new devices, the only solution is to secure the code. ». This explains why trend Micro developed this static code analysis tool perform an audit before putting it on the market. "You take your code, on a PC at the beginning, and pass it through the tool, which will tell you that this part of the code is not secure or that here there is no control of access rights. Sometimes the codes found in robots are public, open source, which is always a big source of vulnerability. Our tool is able to say that such a piece of code is itself already known for such vulnerability. adds the expert.

In a sense, the tool is not really innovative. But the fact that its detection function, which is adapted to the very specific programming language, gives it a special look: "Classical computing has only about ten important languages (C, C, Java, JavaScript…) and they are compatible with all environments (Windows, Linux, Mac, Android…). In the world of industrial robotics, each manufacturer has its own languages – not well documented on the outside, so you have to relearn everything when you go from one to the other. ».

However, the way this tool will be marketed has not yet been explained by the Japanese cybersecurity company. "As we are developing with the Politecnico di Milano, it is not impossible that there is an open source version," notes the specialist. He added: "Develop similar tools that work in real time, says Renaud Bidou. This already exists for conventional computing with Runtime Application Self-Protection (RASP), but not yet for robotic systems. ».

Now access an unlimited number of passwords:

Check out our hacking software