Rogue Automation: Vulnerable and Malicious Code in Industrial Programming
Authors:Federico Maggi, Marcello Pogliani, Martino, Vittone, Davide Quarta, Stefano Zanero, Marco Balduzzi, Rainer Vosseler, Martin Rösler
Trend Micro, Inc.
Trend Micro Research
Technical Report
Abstract
In this research paper, we reveal previously unknown design flaws that malicious actors could exploit to hide malicious functionalities in industrial robots and other automated, programmable manufacturing machines. Since these flaws are difficult to fix, enterprises that deploy vulnerable machines could face serious consequences. An attacker could exploit them to become persistent within a smart factory, silently alter the quality of products, halt a manufacturing line, or perform some other malicious activity.
@TechReport{ maggi_rogueautomationwp_tr_2020,
abstract = {In this research paper, we reveal previously unknown
design flaws that malicious actors could exploit to hide
malicious functionalities in industrial robots and other
automated, programmable manufacturing machines. Since these
flaws are difficult to fix, enterprises that deploy
vulnerable machines could face serious consequences. An
attacker could exploit them to become persistent within a
smart factory, silently alter the quality of products, halt
a manufacturing line, or perform some other malicious
activity.},
author = {Maggi, Federico and Pogliani, Marcello and Vittone,
Martino, and Quarta, Davide and Zanero, Stefano and
Balduzzi, Marco and Vosseler, Rainer and Rösler, Martin},
date = {2020-08-04},
file = {files/papers/reports/maggi_rogueautomationwp_tr_2020.pdf},
institution = {Trend Micro, Inc.},
publisher = {Trend Micro Research},
series = {Research Papers},
shorttitle = {RogueAutomationWP},
title = {Rogue Automation: Vulnerable and Malicious Code in
Industrial Programming},
url = {https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/unveiling-the-hidden-risks-of-industrial-automation-programming}}