According to a team of security researchers, “robotics industry has not seriously allocated effort to follow good security practices in the robots produced”. In their attempt to provide this industry with the right assessment tools, the team has created a free, open-source tool which footprints robots. The tool is called Aztarna, and the company behind it is Alias Robotics, a Spanish cybersecurity firm.
The Aztarna Tool in Details
Shortly said, “aztarna is an open source instrument developed by Alias Robotics, ready to be used by security researchers interested in robot footprinting. It allows to find robots powered by ROS, SROS and other robot technologies,“ the researchers explain.
How did the idea appear? Last year, a research was published on robot visibility on the internet, and the results were staggering. University of Brown researchers scanned and discovered 100 ROS-running internet-connected robots that could easily be targeted by cybercriminals. Even though this huge security issue triggered international reactions, six months later the issue persisted. Alias Robotics experts found that hundreds of robots are “still openly connected to the internet and potentially hackable”, and decided to act on the problem.
The Aztarna tool is written in Python 3 which works as a port scanning instrument with a built-in database of fingerprints for industrial routers, such as Westermo, Moxa, Sierra Wireless, and eWON. Aztarna’s database also features robotic technologies, components and patterns that enable the tool to test devices against known security vulnerabilities and misconfigurations.
“With this contribution, we aim to raise awareness and interest of the robotics community, robot manufacturers and robot end-users on the need of starting global actions to embrace security”, the researchers noted.
In addition, the Aztarna tool can work in several work modes according to various pentesting scenarios. The tool is capable of scanning defined IP addresses, a network IP range, results from the Shodan search engine. The tool can even scan the entire internet with the help of other scanning tools such as ZMap or masscan.
The team is also disclosing preliminary results of their work process that reveal the current state of insecurity in the industry. Further details about the Aztarna tool and the research behind it are available in the official paper.