Security News > 2020 > August > Legacy Programming Languages Pose Serious Risks to Industrial Robots
Researchers at the Polytechnic University of Milan and cybersecurity firm Trend Micro have analyzed some of the most popular industrial programming languages and showed how they can open the door to attacks against robots and other programmable manufacturing machines.
The researchers analyzed programming languages from ABB, Comau, Denso, Fanuc, Kawasaki, Kuka, Mitsubishi, and Universal Robots, which can be used to create custom applications that enable industrial robots to carry out complex automation routines.
In addition to vulnerabilities in the apps developed with the analyzed programming languages, researchers discovered design flaws that can be exploited to hide malicious functionality in industrial robots and even create self-spreading malware.
A proof-of-concept malware developed by the researchers using one of the legacy programming languages can automatically spread in the compromised environment like a worm and exfiltrate valuable data from devices, while allowing the attackers to remotely control their creation.
According to the researchers, these types of attacks are most likely to be launched by a well-resourced attacker - setting up a small lab to conduct experimental attacks on industrial robots can cost between $20,000 and $250,000 - who has specific knowledge of the targeted organization.