Industrial robots used in factories and warehouses that are connected to the internet are not secure, leaving companies open to cyberattacks and costly damages.
That's the word coming from a study conducted by global security software company Trend Micro and Polytechnic University of Milan, the largest technical university in Italy.
"The industrial robot – it's not ready for the world it's living in," said Mark Nunnikhoven, vice president of cloud research at Trend Micro. "The reality is these things are being connected in more and more places. There are a lot of attacks that could happen in that environment."
The study looked at Internet security vulnerabilities that could involve industrial robots used on manufacturing lines in areas such as the automobile and aerospace industries. The robots, which generally look like large mechanical arms, are used to move heavy objects, weld seams and fit pieces together. The machines also can be found moving and stacking crates in warehouses.
The issue is taking on greater significance as the use of robots grows in factories around the world. The International Federation of Robotics, in its World Robotics Report, said that 2.6 million industrial robots will be deployed worldwide by 2019, an increase of about 1 million since 2015.
While companies are careful to ensure that industrial robots are safe to work near people, they're often not set up for cybersecurity. But these robots, according to Nunnikhoven, are increasingly being linked to company networks and the internet.
As long as there are proper security precautions, analysts said these robots can be connected to the internet. They need cybersecurity basics such as user names and passwords, two-factor authentication, encryption and hardware-based biometric authentication.
"I'm shocked that anyone would consider attaching anything to the internet without making sure it was secured," said Dan Olds, an analyst with OrionX. "This applies to everything from home thermostats to big robotic arms. Everything attached to the internet is vulnerable to hacking."
Patrick Moorhead, an analyst with Moor Insights & Strategy, said he was surprised that enterprises would forgo security on anything connected to the internet.
"The only thing I could attribute this to would be ignorance and maybe a way to save a few dollars here and there," he said. "This could be incredibly dangerous. To protect the security of robots there should be protection all the way from the robot to the network to the data center. Data should be protected at rest and in flight. This means a secure chain of command, end to end, using encryption every step of the way as well as hardware-based biometric authentication all the way through the chain."
Sign up for CIO Asia eNewsletters.