Technology

Industry 4.0: CNC Machine Security Risks Part 2

Computer numerical controller machine (CNCs) are machines used to produce products in a factory setting. They have been in use for many years, and in the last decade, their use has become more widespread due to increased connectivity, and vulnerability.

For this blog, we will continue discussing our evaluated vendors and highlighting findings that we discovered during our research.

Haas
Figure 1. The Haas simulator we used for preliminary testing (left) and the Haas CNC machine (Super Mini Mill 2) by Celada we used for verification (right)

Haas was the first vendor we focused on because of the fast availability of its controller. We began our analysis by conducting port scanning on the controller simulator and identifying the protocols exposed by the controller. After that, we evaluated the options with which an attacker could abuse the protocols to perform attacks aimed at the security of the machine and verified these attacks in practice on a real-world machine installation.

Okuma
Figure 2. The Okuma simulator we used for the development of the malicious application and during the initial testing

Okuma stands out in the market of CNC controllers for one interesting feature: the modularity of its controller. While the vendor offers in the device’s simplest form a tiny controller, it also provides a mechanism, called THINC API, to highly customize the functionalities of the controller. With this technology, any developer can implement a program that, once installed, runs in the context of the controller, in the form of an extension. This approach is very similar to how a mobile application, once installed, can extend a smartphone’s functionalities.

Heidenhain
Figure 3. The Hartford 5A-65E machine, running on a Heidenhain TNC 640 controller, that we used in our experiments at Celada

In the spirit of the Industry 4.0 paradigm, Heidenhain offers the Heidenhain DNC interface to integrate machines on modern, digital shop floors. Among the many scenarios, Heidenhain DNC enables the automatic exchange of data with machine and production data acquisition (MDA/PDA) systems, higher level enterprise resource planning (ERP) and manufacturing execution systems (MESs), inventory management systems, computer-aided design and manufacturing (CAD/CAM) systems, production activity control systems, simulation tools, and tool management systems

Related Post

In our evaluation, we had access to the library provided by Heidenhain to the integrators to develop interfaces for the controller. The manufacturer provides this library, called RemoTools SDK,35 to selected partners only.

Innovation Newsletter
Don't miss the most important news about Innovation. Sign up to receive them by email.
Fanuc
Figure 4. The Yasuda YMC 430 + RT10 machine, running on a Fanuc controller, that we used in our experiments at the Polytechnic University of Milan

Like Heidenhain, Fanuc offers an interface, called FOCAS,36 for the integration of CNC machines in smart network environments. Even though this technology offers a restricted set of remote-call possibilities compared with the other vendors’ (that is, a limited number of management features), our experiments showed that a miscreant could potentially conduct attacks like damage, DoS, and hijacking.

Read more

BlogofInnovation.com 

Innovation Newsletter
Don't miss the most important news about Innovation. Sign up to receive them by email.

Recent Posts

Former Georgia, Miami coach Mark Richt named 2025 Paul Bear Bryant Heart of a Champion

​​HOUSTON, October 10, 2024 — Former University of Georgia and University of Miami football coach Mark Richt has been named…

9 hours ago

How to Spoof Pokemon GO On Android Without Computer and with Android 14 Supported

NEW YORK, N.Y., Oct. 10, 2024 (SEND2PRESS NEWSWIRE) — The latest version (2.2.0) of iAnyGo Android APP from Tenorshare is…

13 hours ago

Aclarion to Participate in the 2024 Maxim Healthcare Virtual Summit

​​Fireside Chat Scheduled for 2:00 PM ET on October 15, 2024BROOMFIELD, Colo. - (NewMediaWire) - October 10, 2024 - Aclarion,…

15 hours ago

Heart failure, atrial fibrillation & coronary heart disease linked to cognitive impairment

​​Statement Highlights: Previous studies have found that 14-81% of patients with heart failure experience some degree of cognitive impairment affecting…

17 hours ago

Maximize Online Visibility with Cutting-Edge SEO Packages for Rapid Business Growth

In today’s fast-paced digital landscape, businesses of all sizes are vying for attention in an ever-crowded online space. With search…

1 day ago

Qdexi Technology Launches Innovative Web Application Development Services in Delhi

Qdexi Technology, a leading web application development company in Delhi, is proud to announce the launch of its innovative web…

1 day ago

Seguici

Innovation Newsletter
Don't miss the most important news about Innovation. Sign up to receive them by email.