Consumers are used to the idea of planned obsolescence — designing a product specifically to force a user to buy a new one year after year. It could be the gizmo whose battery cannot be replaced. But when it comes to industrial robotics, buyers might assume a certain lifespan for their tens-of-thousands of dollars investment.
Robotics researcher Víctor Mayoral-Vilches of Alias Robotics and security researcher Frederico Maggi from Trend Microwill present research during Thursday's Black Hat talks that planned obsolescence is alive and well in the robotics market, and argue that security suffers as a result.
"The robots present a number of functions that make it difficult for end-users and for distributors to repair these machines, locking users into a particular brand, locking users into a particular product or in some cases, suggesting the customers to upgrade when, frankly speaking, there's no real technical reason," said Mayoral-Vilches.
The research process started out as a standard exploration of OT security, finding a smattering of vulnerabilities in Teradyne robots, some of which will be reported publicly for the first time during the presentation. But it evolved over time to look at planned obsolescence in the industry.
The duo looked closest at collaborative robots, sometimes called cobots, which are heavily customizable systems designed to be adapted to work alongside plant workers in a variety of environments.
What they found were vendors who made it impossible to even update firmware without having an exclusive contractor do the installation, firmware released without documentation, even wires whose plugs changed for no apparent reason whatsoever. By only producing the newest version of those cables, a company could force a client to buy a new robot prematurely.
"But if you pull off the wrong plug and just connect the the wires, you have a working unit. Even if they are two revisions apart. It's just a plug that has been changed in shape," said Maggi.
Mayoral-Vilches stressed that getting a new robot ahead of schedule could be a significant expense: "they cost as much as my house."
The issues with planned obsolescence can become a security issue when preventing ease of repair necessitates secrecy of the upgrades. If only the vendor can see the firmware, security staff can never be sure exactly what they are getting.
"If we're not entitled to have the release notes, or the firmware updates. How can we tell if these robots are sending back data to China, to Russia?" asked Mayoral Vilches.
Maggi compared obsolescence practices in robotics to the security landscape a decade ago, when vendors made auditing and reporting difficult for security researchers. This, too, he said, was ripe to change over time.
Until then, Mayoral-Vilches said, it is not just a security issue, but a safety issue.
"You cannot guarantee safety, which is that the robot doesn't harm its environment, If you don't first guarantee that the robot is going to behave exactly as you want," he said.