OTRazor: Static Code Analysis for Vulnerability Discovery in Industrial Automation Scripts

The presentation discusses the vulnerabilities in industrial automation code and the need for secure communication and input validation. It also emphasizes the importance of resource isolation and the inclusion of security guidelines in code reviews.

• 100 files were analyzed, and vulnerabilities were found in two projects that allowed for arbitrary function execution and one project that allowed for arbitrary movement specification
• Secure communication and input validation are crucial in preventing vulnerabilities in automation code
• Resource isolation and the inclusion of security guidelines in code reviews are necessary for future languages
• An anecdote about the importance of input validation in a moving object like a robot is provided

The presentation highlights the challenge of deciding what to do when an automation program receives invalid input, especially when dealing with a moving object like a robot. If the robot is already in motion, it is not automatic to decide what to do if it receives a coordinate that is off the safety zone. This emphasizes the need for proper input validation or a safety system configured properly to implement input validation in the physical world.

In this talk, we delve into industrial robot programming, focusing on the security issues arising from the design and implementation choices of these platforms.Industrial robot manufacturers provide proprietary, domain-specific programming languages to operate these complex machines. Mostly focused on movement instructions, such programming languages also provide access to low-level system resources like files and network access, and some even allow dynamic code loading. While useful, these features can lead to unsafe programming patterns such as input-validation vulnerabilities or malware-like functionalities, especially if the underlying environment provides no resource isolation like those found in modern operating systems.After describing the technical features of the languages by eight leading manufacturers, we'll share several cases of vulnerable and malicious usage. We'll then present a static code analyzer that we created and patented, to scan robotic programs and discover unsafe code patterns. Our evaluation on 50 automation programs show that unsafe patterns are indeed found in real-world code, and that static source code analysis is an effective defense tool in the short term.We conclude by discussing the remediation steps that can be adopted by developers and vendors to mitigate such issues in the medium and long term.