Case study: Remote attack to disable MiR100 safety
Publication from Robotics
CyberSecurity for Robotics 2019 (CSfR2019), Bilbao , 11/2019
In this abstract, we describe a case study where we remotely disabled the safety subsystem of a MiR100 industrial mobile robot. Due to several misconfigurations and negligence of standard security procedures (like changing default passwords), it is possible to retrieve, manipulate and reupload the safety program logic running on the dedicated safety PLC in the robot. We sketch the attack vector and describe its effects and possible mitigation strategies. The vulnerability described has been acknowledged by the robot manufacturer and is being addressed.