Understanding the Internet-Wide Vulnerability Landscape for ROS-based Robotic Vehicles

Summary

In this study, we investigate the Robot Operating System (ROS), an open source framework and middleware that facilitates the process of building robotic applications. There are currently two main versions of ROS: ROS 1 and ROS 2. There have been multiple instances of both versions, but more so with ROS 1, being exploited by cyberattacks. Specifically, if a ROS host is exposed on the Internet, an attacker could potentially take control of the host and cause external damage, including physical harm. Thus, we perform the two-part study described below:

We scan the IPv4 network space for publicly exposed ROS 1 hosts.
We also deploy ROS applications on honeypots throughout the world to investigate network traffic and detect any ROS-related attacks.

Scanning for Publicly Exposed ROS 1 Hosts

Following the results from DeMarinis et al. in 2019, we perform three scans of ROS 1 hosts to see how the number of publicly exposed ROS hosts has changed since then. We find that for each scan, the number of exposed hosts is substantially greater than the respective scan performed by DeMarinis et al.

Deploying ROS 1 and 2 Honeypots

In 2019, Dang et al. deployed hardware and software honeypots on multiple cloud server providers around the world. We perform a similar experiment by setting up 38 ROS 1 and ROS 2 honeypots around the world with cloud servers on Amazon Web Services, Google Cloud Platform, and Microsoft Azure and letting them run from November to December of 2023 while closely examining the traffic sent to them.

Figure 1: Geographical distribution of our ROS honeypots. The blue points represent the locations of our honeypots and the red points represent the locations of all the IPs that sent traffic to our honeypots.

Upon conclusion of the honeypot study in December, we received more than 4000 packets from over 200 different IP addresses located in various parts of the world. Although we did not observe any ROS-related attacks, we discovered ROS scans from crawlers such as Censys and Shodan, along with other potentially malicious scans via protocols such as SSH and HTTP.

Code and Data Release

The code to set up the honeypots, the code used in our scans, and the data collected from the scans can be found at https://github.com/ASGuard-UCI/roboscan.

Research Paper

[VehicleSec 2024] Understanding the Internet-Wide Vulnerability Landscape for ROS-based Robotic Vehicles

Wentao Chen*, Sam Der* (co-first authors), Yunpeng Luo, Fayzah Alshammari, and Qi Alfred Chen

The paper for this study is set to appear in the Symposium on Vehicle Security and Privacy (VehicleSec) 2024. To cite our paper, please use the following BibTeX citation:

@inproceedings{chen2024understanding,

title={{Understanding the Internet-Wide Vulnerability Landscape for ROS-based Robotic Vehicles}},

author={Chen, Wentao and Der, Sam and Luo, Yunpeng and Alshammari, Fayzah and Chen, Qi Alfred},

booktitle={{Symposium on Vehicle Security and Privacy (VehicleSec)}},

year={2024}

}

Team

Wentao Chen, B.S. CSE '24, University of California, Irvine
Sam Der, B.S. CSE '24, University of California, Irvine
Yunpeng Luo, Ph.D. student, CS, University of California, Irvine
Fayzah Alshammari, Ph.D. student, CS, University of California, Irvine
Qi Alfred Chen, Assistant Professor, CS, University of California, Irvine

Acknowledgements

This research was supported in part by the National Science Foundation under grants CNS-2145493, CNS-1929771, and CNS-1932464 as well as the United States Department of Transportation University Transportation Center Program under grant 69A3552348327.