Search Icon
Register

Understanding the Internet-Wide Vulnerability Landscape for ROS-based Robotic Vehicles (Short)

Wentao Chen, Sam Der, Yunpeng Luo, Fayzah Alshammari, Qi Alfred Chen (University of California, Irvine)

Due to the cyber-physical nature of robotic vehicles, security is especially crucial, as a compromised system not only exposes privacy and information leakage risks, but also increases the risk of harm in the physical world. As such, in this paper, we explore the current vulnerability landscape of robotic vehicles exposed to and thus remotely accessible by any party on the public Internet. Focusing particularly on instances of the Robot Operating System (ROS), a commonly used open-source robotic software framework, we performed new Internet-wide scans of the entire IPv4 address space, identifying, categorizing, and analyzing the ROS-based systems we discovered. We further performed the first measurement of ROS scanners in the wild by setting up ROS honeypots, logging traffic, and analyzing the traffic we received. We found over 190 ROS systems on average being regularly exposed to the public Internet and discovered new trends in the exposure of different types of robotic vehicles, suggesting increasing concern regarding the cybersecurity of today’s ROS-based robotic vehicle systems.

Paper

View More Papers

coucouArray ( [post_type] => ndss-paper [post_status] => publish [posts_per_page] => 4 [orderby] => rand [tax_query] => Array ( [0] => Array ( [taxonomy] => category [field] => id [terms] => Array ( [0] => 104 [1] => 68 ) ) ) [post__not_in] => Array ( [0] => 17398 ) )

EnclaveFuzz: Finding Vulnerabilities in SGX Applications

Liheng Chen (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences; Institute for Network Science and Cyberspace of Tsinghua University), Zheming Li (Institute for Network Science and Cyberspace of Tsinghua University), Zheyu Ma (Institute for Network Science and Cyberspace of Tsinghua University), Yuan Li (Tsinghua University),…

Read More

WIP: AMICA: Attention-based Multi-Identifier model for asynchronous intrusion detection...

Natasha Alkhatib (Télécom Paris), Lina Achaji (INRIA), Maria Mushtaq (Télécom Paris), Hadi Ghauch (Télécom Paris), Jean-Luc Danger (Télécom Paris)

Read More

WIP: Security Vulnerabilities and Attack Scenarios in Smart Home...

Haoqiang Wang (Chinese Academy of Sciences, University of Chinese Academy of Sciences, Indiana University Bloomington), Yichen Liu (Indiana University Bloomington), Yiwei Fang, Ze Jin, Qixu Liu (Chinese Academy of Sciences, University of Chinese Academy of Sciences, Indiana University Bloomington), Luyi Xing (Indiana University Bloomington)

Read More

Efficient Use-After-Free Prevention with Opportunistic Page-Level Sweeping

Chanyoung Park (UNIST), Hyungon Moon (UNIST)

Read More

Privacy Starts with UI: Privacy Patterns and Designer Perspectives in UI/UX Practice

Anxhela Maloku (Technical University of Munich), Alexandra Klymenko (Technical University of Munich), Stephen Meisenbacher (Technical University of Munich), Florian Matthes (Technical University of Munich)

Vision: Profiling Human Attackers: Personality and Behavioral Patterns in Deceptive Multi-Stage CTF Challenges

Khalid Alasiri (School of Computing and Augmented Intelligence Arizona State University), Rakibul Hasan (School of Computing and Augmented Intelligence Arizona State University)

From Underground to Mainstream Marketplaces: Measuring AI-Enabled NSFW Deepfakes on Fiverr

Mohamed Moustafa Dawoud (University of California, Santa Cruz), Alejandro Cuevas (Princeton University), Ram Sundara Raman (University of California, Santa Cruz)