Scanning the Internet for ROS: A View of Security in Robotics Research
This work highlights critical security vulnerabilities in robotics research platforms that could allow unauthorized physical access, posing risks to safety and privacy.
The researchers scanned the entire IPv4 address space for instances of the Robot Operating System (ROS) exposed on the Internet and found that many hosts allow public access to robotic sensors and actuators. They demonstrated this, with consent, by reading image data from and moving a robot at a US university.
Because robots can directly perceive and affect the physical world, security issues take on particular importance. In this paper, we describe the results of our work on scanning the entire IPv4 address space of the Internet for instances of the Robot Operating System (ROS), a widely used robotics platform for research. Our results identified that a number of hosts supporting ROS are exposed to the public Internet, thereby allowing anyone to access robotic sensors and actuators. As a proof of concept, and with consent, we were able to read image sensor information and move the robot of a research group in a US university. This paper gives an overview of our findings, including the geographic distribution of publicly-accessible platforms, the sorts of sensor and actuator data that is available, as well as the different kinds of robots and sensors that our scan uncovered. Additionally, we offer recommendations on best practices to mitigate these security issues in the future.