Can ROS be used securely in industry? Red teaming ROS-Industrial
This addresses security risks for industrial robotics using ROS, highlighting vulnerabilities that could impact adoption and safety, though it is incremental as it focuses on existing systems rather than new solutions.
The study investigated whether ROS can be used securely in industrial settings by conducting offensive security exercises, finding that attacks compromised the ROS computational graph and controlled most robotic endpoints, indicating current insecure use.
With its growing use in industry, ROS is rapidly becoming a standard in robotics. While developments in ROS 2 show promise, the slow adoption cycles in industry will push widespread ROS 2 industrial adoption years from now. ROS will prevail in the meantime which raises the question: can ROS be used securely for industrial use cases even though its origins didn't consider it? The present study analyzes this question experimentally by performing a targeted offensive security exercise in a synthetic industrial use case involving ROS-Industrial and ROS packages. Our exercise results in four groups of attacks which manage to compromise the ROS computational graph, and all except one take control of most robotic endpoints at desire. To the best of our knowledge and given our setup, results do not favour the secure use of ROS in industry today, however, we managed to confirm that the security of certain robotic endpoints hold and remain optimistic about securing ROS industrial deployments.