OTRazor: Static Code Analysis for Vulnerability Discovery in Industrial Automation Scripts

In this talk, we delve into industrial robot programming, focusing on the security issues arising from the design and implementation choices of these platforms.

After describing the technical features of the languages from eight leading manufacturers, we’ll share several cases of vulnerable and malicious usage. We’ll then present a static code analyzer that we created and patented to scan robotic programs and discover unsafe code patterns. Our evaluation on 50 automation programs shows that unsafe patterns are indeed found in real-world code, and that static source code analysis is an effective defense tool in the short term. We conclude by discussing the remediation steps that developers and vendors can adopt to mitigate such issues in the medium and long term.

By Federico Maggi, Marcello Pogliani, Davide Quarta, Stefano Zanero, Marco Balduzzi

Full Abstract & Presentation Materials: https://www.blackhat.com/us-20/briefings/schedule/#otrazor-static-code-analysis-for-vulnerability-discovery-in-industrial-automation-scripts-19523


