Technology

Industry 4.0: CNC Machine Security Risks Part 2

Computer numerical controller machine (CNCs) are machines used to produce products in a factory setting. They have been in use for many years, and in the last decade, their use has become more widespread due to increased connectivity, and vulnerability.

For this blog, we will continue discussing our evaluated vendors and highlighting findings that we discovered during our research.

Haas
Figure 1. The Haas simulator we used for preliminary testing (left) and the Haas CNC machine (Super Mini Mill 2) by Celada we used for verification (right)

Haas was the first vendor we focused on because of the fast availability of its controller. We began our analysis by conducting port scanning on the controller simulator and identifying the protocols exposed by the controller. After that, we evaluated the options with which an attacker could abuse the protocols to perform attacks aimed at the security of the machine and verified these attacks in practice on a real-world machine installation.

Okuma
Figure 2. The Okuma simulator we used for the development of the malicious application and during the initial testing

Okuma stands out in the market of CNC controllers for one interesting feature: the modularity of its controller. While the vendor offers in the device’s simplest form a tiny controller, it also provides a mechanism, called THINC API, to highly customize the functionalities of the controller. With this technology, any developer can implement a program that, once installed, runs in the context of the controller, in the form of an extension. This approach is very similar to how a mobile application, once installed, can extend a smartphone’s functionalities.

Heidenhain
Figure 3. The Hartford 5A-65E machine, running on a Heidenhain TNC 640 controller, that we used in our experiments at Celada

In the spirit of the Industry 4.0 paradigm, Heidenhain offers the Heidenhain DNC interface to integrate machines on modern, digital shop floors. Among the many scenarios, Heidenhain DNC enables the automatic exchange of data with machine and production data acquisition (MDA/PDA) systems, higher level enterprise resource planning (ERP) and manufacturing execution systems (MESs), inventory management systems, computer-aided design and manufacturing (CAD/CAM) systems, production activity control systems, simulation tools, and tool management systems

Related Post

In our evaluation, we had access to the library provided by Heidenhain to the integrators to develop interfaces for the controller. The manufacturer provides this library, called RemoTools SDK,35 to selected partners only.

Innovation Newsletter
Don't miss the most important news about Innovation. Sign up to receive them by email.
Fanuc
Figure 4. The Yasuda YMC 430 + RT10 machine, running on a Fanuc controller, that we used in our experiments at the Polytechnic University of Milan

Like Heidenhain, Fanuc offers an interface, called FOCAS,36 for the integration of CNC machines in smart network environments. Even though this technology offers a restricted set of remote-call possibilities compared with the other vendors’ (that is, a limited number of management features), our experiments showed that a miscreant could potentially conduct attacks like damage, DoS, and hijacking.

Read more

BlogofInnovation.com 

Innovation Newsletter
Don't miss the most important news about Innovation. Sign up to receive them by email.

Recent Posts

Good heart health in middle age may preserve brain function among Black women as they age

​​Research Highlights: Middle-aged Black women with better heart health were less likely to show a decline in mental function compared…

9 hours ago

Revolutionizing Hydration: Alkaline Ionized Water Takes India by Storm

Alkaline ionized water is being widely used in India, signifying a new phase of hydration for consumers with health concerns.…

21 hours ago

MoogleLabs Newest Feat – AI-powered Offensive Language Detection Tool: SwearSwap

MoogleLabs is an organization that is consistently making waves in the world of AI and technology with its innovative solutions…

21 hours ago

iCoreConnect Inc. Announces New State Endorsement of Seven Solutions From the Tennessee Dental Association

​​New Endorsements Allows iCoreConnect New Entry Into the Tennessee MarketOCOEE, FL - (NewMediaWire) - April 23, 2024 - iCoreConnect Inc. (NASDAQ:…

22 hours ago

Ubiquitech Software Corporation Reports Total Convertible Debt Reduction in Excess of $1,700,000 During Past 12 Months

​​DENVER, CO - (NewMediaWire) - April 23, 2024 - Ubiquitech Software Corp. (OTC: UBQU), a trailblazer in innovative software development, is pleased…

1 day ago

Sunknowledge Celebrates 10 Years of Successful Partnership in Providing Medical DME Billing Solutions to Top DME Company in New York

NEW YORK, N.Y., April 23, 2024 (SEND2PRESS NEWSWIRE) — Sunknowledge, a leading provider of healthcare outsourcing solutions, proudly celebrates a…

1 day ago

Seguici

Innovation Newsletter
Don't miss the most important news about Innovation. Sign up to receive them by email.