Robots state of insecurity is onstage. There is an emerging concern about major robot vulnerabilities and their adverse consequences. However, there is still a considerable gap between robotics and cybersecurity domains. For the purpose of filling that gap, the present technical report presents the Robotics CTF (RCTF), an online playground to challenge robot security from any browser. We describe the architecture of the RCTF and provide 9 scenarios where hackers can challengethe security of different robotic setups. Our work empowers security researchers to a) reproduce virtual robotic scenarios locally and b) change the networking setup to mimic real robot targets. We advocate for hacker powered security in robotics and contribute by open sourcing our scenarios.
The robotics landscape is rapidly evolving. Robots are spreading and will soon be everywhere. Systems traditionally employed in industry are being replaced by collaborative robots, and an increasing amount of professional and consumer robots are introduced in people’s daily activities. Following Personal Computers (PCs) and smartphones, robots are called to be the next technological revolution. Withal, robot cybersecurity is being largely underestimated, since safety cannot be granted without security
Over the last decade, the domains of security and cybersecurity have been substantially democratized, attracting individuals to many sub-areas within security assessment. According to recent technical reports summarizing hacker's activity in different sectors
Furthermore, some of the components of modern robotics such as the Robot Operating System
In an attempt to raise awareness around robot security, in this paper, we present the Robotics CTF (RCTF), an online playground that invites white-hat-hackers to challenge robot security easily. The Robotics CTF is designed to be an online game, available 24/7, launchable through any web browser and designed to learn robot hacking step by step. In the following section we discuss the architecture of the RCTF.
Robotics CTF (RTCF)
Alias Robotics' RCTF consists on an array of serial scenarios that hackers have to successfully complete as fast and accurately as possible, in order to proceed to the next scenario. With each completion, the successful robot hacker will be provided with a password that allows him/her to proceed to the next. The robot hacker can review her/his position on the ranking table and compare results against the rest of the hackers in the RCTF community.
Robotics CTF is designed to provide hackers with a full experience of the security landscape in robotics. Integrated in our webpage, the platform allows to learn using tools such as ROS, is compatible with other hacking tools and provides robot simulation through Gazebo
In an attempt to contribute with the security community, we are open sourcing the scenarios at rctf-list. We envision that as new scenarios become available, the sources will remain at this repository and only a subset of them will be pushed to our web servers for experimentation. We invite the community of roboticists and security researchers to play online and get a robot hacker rank.
We also invite security researchers to share their scenarios with the RCTF community, with the chance of potentially integrating them on the RCTF game. We gladly accept contributions through Pull Requests at rctf-list. Therein, the procedure of RCTF scenario submission is summarized, which require a short description of the goal of each scenario.
In this work, we introduce the Robotics CTF (RCTF), a platform for robot hacking. We propose a robot hacking gamification environment, accessible from any browser, 24/7 and anywhere in the world. Throughout the full tech report, we highlight that our approach allows security researchers to a) reproduce scenarios locally and b) change the networking setup to mimic their real targets.
We invite the whole security researcher community to play the RCTF and contribute with new scenarios of their own. We also warn society about the increasing relevance of robot vulnerabilities and advocate in favour of the creation of a strong robot ethical hacker community. Ultimately, we claim that robot security could benefit greatly from hacker powered security and contribute by open sourcing the existing scenarios created by our team.
For more details about our work, read the full paper here.