Concept Tech Publishing Int Journals
13 research outputs found
Robot Cybersecurity, a Review
Robots are often shipped insecure and in some cases fully unprotected. The rationale behind this is threefold: first, defensive security mechanisms for robots are still in their early stages, not covering the complete threat landscape. Second, the inherent complexity of robotic systems makes their protection costly, both technically and economically. Third, vendors do not generally take responsibility in a timely manner, extending the zero-day exposure window (time until mitigation of a zero-day) to several years on average. Worse, several manufacturers keep forwarding the problem to the end-users of these machines or discarding it.
In this article we review the status of robot cybersecurity considering three sources of data: 1) recent literature, 2) questionnaires performed in top robotics forums and 3) recent research results in robot cybersecurity. Building upon a decade of experience in robotics, this article reviews the current status of cybersecurity in robotics and argues about the current challenges to secure robotic systems. Ultimately, based on the empirical results collected over a period of three years performing security assessments in robots, the present text advocates for a complementary offensive approach methodology to protect robots in a feasible and timely manner.
Robot Teardown, Stripping Industrial Robots for Good
Building a robot requires a careful selection of components that interact across networks while meeting timing deadlines. Given the complexity associated, as robots get damaged or security compromised, their components will increasingly require updates and replacements. Contrary to the expectations and similar to Ford in the 1920s with cars, most robot manufacturers oppose this. They employ planned obsolescence practices organizing dealers and system integrators into "private networks", providing repair parts only to "certified" companies to discourage repairs and evade competition.
In this article, we introduce and advocate for robot teardown as an approach to study robot hardware architectures and fuel security research. We show how teardown can help in understanding the underlying hardware and demonstrate how our approach can help researchers uncover security vulnerabilities. Our case studies show how robot teardown becomes an essential practice to security in robotics, helping us identify and report a total of 100 security flaws with 17 new CVE IDs over a period of two years. Lastly, we finalize by demonstrating how, through teardown, planned obsolescence hardware limitations can be identified and bypassed obtaining full control of the hardware, which poses both a threat to the robot manufacturers' business model as well as a security threat.
Data Security for the SME
Whilst much discussion takes place within the Cyber Security Industry, and at annual events, such as the yearly Infosecurity show held in London, with emphasis on the corporate world of security, very little attention is given to the often forgotten (ignored) smaller enterprise and millions (billions) of end-users who face the very same cyber-threats on an everyday basis. However, this imposition is further compounded by the fact that generally, most of those within the SME sector, and ordinary end-user individuals can be deficient when it comes to cyber-defences, with a much lower level of cybersecurity savvy skills, which by inference exposes a soft-belly of low hanging fruit, manifesting in a significant surface of attack open to abuse by cybercriminals. In the current age of insecurity, such exposures are particularly noteworthy as threats posed by the potential of encountering a Ransomware attack may be concluded to be significant. This paper looks to outline the threats of the current age of 2020 posed by Ransomware and focuses on how the overlooked SME and Individuals may secure their most precious data object, and their business with affordable, simplistic tools and practices.
The Cybersecurity Aspects of New Entities Need a Cybernetic, Holistic Perspective
In our connected world security and proof (evidence constituted in Verifiable Credentials (VC, W3C)) is distributed over what an individual can attest, what my objects tell about me (that is why AI = inferences from that data, is so important), and my behavior: “apply shaving foam” is a number in coelition.org. It is clear that we can no longer isolate the notion of security as in securing devices or securing infrastructure. In this brief article which is the background to a number of workshops that the authors and the Journal will host together, we sketch what we believe to be the end of a paradigm of a government model that has outsourced capabilities to the market. It is in the process of privatizing its last public capability: identity management. This is causing tremendous stress in systems, services, organizational procedures, and individuals. We propose a holistic perspective, distributing security at two points: at the device level and a moral movement at a societal level. As a time out to create room to discuss this broadly, we propose a particular model of SSI and disposable identities.
Impact of Tools on the Acquisition of RAM Memory
When responding to a security incident in a system, several basic principles must be followed regarding the collection of pieces of evidence from the system. The capture of these pieces of evidence has to be done according to its order of volatility. In this sense, RAM memory constitutes the most important element to capture, given its extreme volatility. RAM memory must be acquired and analyzed because the data it holds, which may belong to the system itself or to any other device connected to it, can survive a certain amount of time in it. Since RAM is a constantly changing element, it must be pointed out that any action carried out on the system under analysis will modify the contents of the RAM. In this article a comparative and an objective analysis has been carried out, showing the impact that the execution of some tools for the capture of RAM has on the system. This comparative study details both the private shared workspaces, for each of the processes executed by each of the tools used.
The Importance of the Three P's in the Investigation
This article introduces the importance of process during the investigation and the acquisition phases of logical/physical artifacts which may be required during the course of such professional engagement. The article then focuses on the necessity to have a robust supportive framework in a state of preparedness to facilitate the First Responders and CSIRT (Computer Security Incident Response Team) with the necessary underpin to support such investigative engagements – considering effective and pragmatic Policies, Case Management, operational Security Protocols (Run-Books) and all other necessary attributes to underpin a professional, prepared posture from which a team may effectively, and robustly engage an investigation/incident. To elaborate on the importance of such an approach, we outline a number of real-world cases where ineffective processes and controls were applied. Finally, we review the essential elements of securely managing case-related data, and the absolute need to apply security mechanisms such as Certified Standards of FIPS-140-2 encryption to secure sensitive case related assets to assure they are robustly protected at all stages of their life cycle when they are in physical transit, or when they are at rest, associated with a desk-bound PC. The end objective of the entire article is to stress an absolute need to apply process to, as far as is practicable, achieve positive conclusions from any investigation or incident which has been engaged.
Editorial–Inaugural Issue of the IJCFATI
This article introduces the inaugural issue for the International Journal of Cyber Forensics and Advanced Threat Investigations. The article outlines the journal’s aims and scope and summarizes the articles published in the issue.
Cyber Forensics on Internet of Things: Slicing and Dicing Raspberry Pi
Any device can now connect to the Internet, and Raspberry Pi is one of the more popular applications, enabling single-board computers to make robotics, devices, and appliances part of the Internet of Things (IoT). The low cost and customizability of Raspberry Pi make it easily adopted and widespread. Unfortunately, the unprotected Raspberry Pi device—when connected to the Internet—also paves the way for cyber-attacks. Our ability to investigate, collect, and validate digital forensic evidence with confidence using Raspberry Pi has become important. This article discusses and presents techniques and methodologies for the investigation of timestamp variations between different Raspberry Pi ext4 filesystems (Raspbian vs. UbuntuMATE), comparing forensic evidence with that of other ext4 filesystems (i.e., Ubuntu), based on interactions within a private cloud, as well as a public cloud. Sixteen observational principles of file operations were documented to assist in our understanding of Raspberry Pi’s behavior in the cloud environments. This study contributes to IoT forensics for law enforcement in cybercrime investigations.
Editorial–Volume 2, No 1 (2021) of the IJCFATI
This article introduces volume 2, no 1 (2021) for the International Journal of Cyber Forensics and Advanced Threat Investigations. The article outlines some insights, updates and summarizes the articles published in the issue.
Making the Invisible Visible – Techniques for Recovering Deleted SQLite Data Records
Forensic analysis and evidence collection for web browser activity is a recurring problem in digital investigation. It is not unusual for a suspect to cover his traces. Accordingly, the recovery of previously deleted data such as web cookies and browser history is important. Fortunately, many browsers and thousands of apps used the same database system to store their data: SQLite. Reason enough to take a closer look at this product. In this article, we follow the question of how deleted content can be made visible again in an SQLite-database. For this purpose, the technical background of the problem will be examined first. Techniques are presented with which it is possible to carve and recover deleted data records from a database on a binary level. A novel software solution called FQLite is presented that implements the proposed algorithms. The search quality, as well as the performance of the program, is tested using the standard forensic corpus. The results of a performance study are discussed, as well. The article ends with a summary and identifies further research questions.