Case study: Remote attack to disable MiR100 safety

Abstract

In this paper, we describe a case study in which we remotely disabled the safety subsystem of a MiR100 industrial mobile robot. Due to several misconfigurations and neglect of standard security procedures (such as changing default passwords), it is possible to retrieve, manipulate and re-upload the safety program logic running on the dedicated safety PLC in the robot. We sketch the attack vector and describe its effects and possible mitigation strategies. The vulnerability described has been acknowledged by the robot manufacturer and is being addressed.

Publication
Cybersecurity for Robotics 2019