Over the course of the last few years, the Robot Operating System (ROS) has become a highly popular software framework for robotics research. ROS has a very active developer community and is widely used for robotics research in both academia and government labs. The prevalence and modularity of ROS cause many people to ask the question: “What prevents ROS from being used in commercial or government applications?” One of the main problems that is preventing this increased use of ROS in these applications is the question of characterizing its security (or lack thereof). In the summer of 2012, a crowd sourced cyber-physical security contest was launched at the cyber security conference DEF CON 20 to begin the process of characterizing the security of ROS. A small-scale, car-like robot was configured as a cyber-physical security “honeypot” running ROS. DEFFCON-20 attendees were invited to find exploits and vulnerabilities in the robot while network traffic was collected. The results of this experiment provided some interesting insights and opened up many security questions pertaining to deployed robotic systems. The Federal Aviation Administration is tasked with opening up the civil airspace to commercial drones by September 2015 and driverless cars are already legal for research purposes in a number of states. Given the integration of these robotic devices into our daily lives, the authors pose the following question: “What security exploits can a motivated person with little-to-no experience in cyber security execute, given the wide availability of free cyber security penetration testing tools such as Metasploit?” This research focuses on applying common, low-cost, low-overhead, cyber-attacks on a robot featuring ROS. This work documents the effectiveness of those attacks.
[1]
T. Humphreys,et al.
Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer
,
2008
.
[2]
Morgan Quigley,et al.
ROS: an open-source Robot Operating System
,
2009,
ICRA 2009.
[3]
Matti Valovirta,et al.
Experimental Security Analysis of a Modern Automobile
,
2011
.
[4]
Thomas Wilhelm,et al.
Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
,
2007
.
[5]
Tadayoshi Kohno,et al.
A spotlight on security and privacy risks with future household robots: attacks and lessons
,
2009,
UbiComp.
[6]
David Mascarenas,et al.
Towards the development of tamper-resistant, ground-based mobile sensor nodes
,
2011,
Security + Defence.
[7]
David Mascarenas,et al.
Escape and evade control policies for ensuring the physical security of nonholonomic, ground-based, unattended mobile sensor nodes
,
2011,
Defense + Commercial Sensing.
[8]
Shwetak N. Patel,et al.
Experimental Security Analysis of a Modern Automobile
,
2010,
2010 IEEE Symposium on Security and Privacy.