Cybersecurity Roboticsthe leading robot cybersecurity lab

Publications & research notes

The lab's research on robot cybersecurity — foundational papers transcribed in full, each linking to the original, plus field notes from the lab's disclosure work.

arXiv · 2025
The cybersecurity of a humanoid robot
As humanoids move from demos to deployments, we assess the cybersecurity of a commercial humanoid robot and find encryption flaws and unauthorized telemetry — showing that the newest, most capable rob
2025
arXiv · 2025
Humanoid robots as attack vectors
We show that a commercial humanoid (Unitree G1) can be repurposed as a surveillance and cyber-operations platform: a mobile sensor suite with network access that an attacker can weaponize against the
2025
arXiv (review) · 2022
Robot cybersecurity, a review
Robots are quickly becoming the tools we deploy to act upon the world — yet they are being built with little regard for security. This review argues that in robotics, security is a prerequisite for sa
2022
arXiv · 2022
Robot teardown: stripping industrial robots for good
Hardware teardown is a well-established practice in security research but under-applied to robots. This work argues that tearing robots down — physically and logically — is essential to assess their s
2022
IROS · 2022
SROS2: usable cybersecurity tools for ROS 2
Security in ROS 2 is only effective if developers actually use it. SROS2 provides a usable set of tools and a methodology to secure ROS 2 computational graphs, lowering the friction of enabling DDS se
2022
technical report · 2021
Securing robot endpoints in OT environments
Robots sit at the boundary of IT and operational technology (OT), where traditional endpoint defenses do not fit. This work presents an approach to protect robot endpoints inside OT networks without b
2021
Foundations and Trends in Robotics · 2021
Cybersecurity in robotics: challenges, quantitative modeling and practice
A book-length treatment of robot cybersecurity: the challenges that make robots hard to secure, quantitative models for reasoning about robot risk, and the practices — disclosure, scoring, testing — t
2021
arXiv · 2020
Red teaming the Robot Operating System (ROS) in industry
We red-team ROS and ROS-Industrial deployments as an attacker would, chaining reconnaissance, protocol abuse and lateral movement to take control of industrial robots — and derive concrete hardening g
2020
arXiv · 2020
DevSecOps in robotics
Robots are long-lived, safety-critical and frequently updated — exactly the systems that benefit most from continuous security. This work adapts DevSecOps to robotics, embedding security testing, disc
2020
arXiv · 2020
alurity: a toolbox for robot cybersecurity
Reproducibility is the bottleneck in robot security research. alurity is a modular, containerized toolbox that packages the tools and targets needed to research, teach and reproduce robot security wor
2020
arXiv · 2019
Introducing the Robot Vulnerability Database (RVD)
The Robot Vulnerability Database (RVD) is an open, community-driven archive that registers and records robot vulnerabilities and bugs. It gives the field a shared, machine-readable memory of what has
2019
arXiv · 2019
Akerbeltz: the first ransomware for industrial robots
Akerbeltz is, to our knowledge, the first ransomware built for industrial collaborative robots. Demonstrated against Universal Robots' UR3, UR5 and UR10 cobots, it shows how an attacker can hold a fac
2019
arXiv · 2018
Towards an open standard for assessing the severity of robot vulnerabilities (RVSS)
General-purpose severity scores (CVSS) miss what makes robots dangerous: physical consequence, safety impact and environmental context. The Robot Vulnerability Scoring System (RVSS) extends CVSS with
2018
arXiv · 2018
aztarna: footprinting exposed robots on the Internet
aztarna is a footprinting tool for robotics that scans the Internet for exposed robots and robot components — ROS masters, SROS setups, industrial routers and more — quantifying just how many robots a
2018
arXiv · 2018
The Robot Security Framework (RSF): a methodology to assess robot security
Robot security assessments are often ad hoc and incomparable. The Robot Security Framework (RSF) proposes a systematic, layered methodology — physical, network, firmware, operating-system and applicat
2018
arXiv · 2018
The Robotics CTF (RCTF): a playground for robot hacking
You learn security by breaking things safely. The Robotics CTF (RCTF) is an online capture-the-flag environment of vulnerable robot scenarios, letting researchers and students practice robot hacking a
2018
Research note · Mar 17, 2022
SROS2: Usable Cyber Security Tools for ROS 2
We propose a robot cybersecurity methodology to secure computational graphs and improve SROS2, usable security tools for ROS 2. We argue that without usability, security in robotics will be greatly im
2022
Research note · Dec 13, 2021
Robot Hacking Manual (RHM) v0.4
Learn robot cybersecurity through the Robot Hacking Manual (RHM), an introductory series about cybersecurity in robotics, with an attempt to provide comprehensive case studies and step-by-step tutoria
2021
Research note · Nov 28, 2021
Hacking ROS 2 ethically
We study the underlying default communication middleware of ROS 2, OMG's Data Distribution Service (DDS) and 6 popular implementations. We found all DDS implementations vulnerable to various attacks a
2021
Research note · Nov 25, 2021
Robot Hacking Manual (RHM)
The Robot Hacking Manual (RHM) is an introductory series about cybersecurity for robots, with an attempt to provide comprehensive case studies and step-by-step tutorials with the intent to raise aware
2021
Research note · Jul 24, 2021
Reviewing the status of robot cybersecurity
What's the status of cybersecurity in robotics? and, how can we best improve cyber-resillience in robotics? In this article we answer these questions and review the status of the robot cybersecurity a
2021
Research note · Jul 18, 2021
Robot teardown
Robot teardown fuels security research by understanding the underlying robot hardware architectures. The results help uncover security vulnerabilities, research quality and safety. We introduce the to
2021
Research note · Nov 2, 2020
Safety requires security in robotics
This article discusses briefly the connection between safety and security in robotics, while reasons about how security must be implemented at the robot endpoint to fullfil safety requirements.
2020
Research note · Sep 17, 2020
Red teaming the Robot Operating System in industry
Can ROS be used securely for industrial use cases even though its origins didn't consider it? The present study answers this question experimentally by performing a red team exercise over ROS and ROS-
2020
Research note · Aug 24, 2020
Disrupting ROS and ROS-Industrial communications by attacking underlying network protocols
This article aims to illustrate the consequences that some simple attacks targeting these underlying network protocols could have in ROS and ROS-Industrial deployments.
2020
Research note · Jul 10, 2020
Monthly reports on robot cybersecurity vulnerabilities - May and June 2020
A total of 23 robot cybersecurity vulnerabilities were reported from May to June 2020 according to the Robot Vulnerability Database (RVD). Vulnerabilities reported affect different vendors however a s
2020
Research note · Jun 23, 2020
IT, OT, IoT and Robotics, a security comparison
Cyber security aspects that apply to different domains including IT, OT, IoT or robotics are analyzed and compared together.
2020
Research note · May 31, 2020
Robotics and its compromised new supply chain
Insecurities in robotics are not just in the robots themselves, they are also in the whole supply chain, difficulting serving safe and secure robotics solutions.
2020
Research note · May 17, 2020
Vulnerability coordination and disclosure in robotics
As nicely pointed out in [1], responsible cybersecurity research and more specifically, vulnerability disclosure, is a two-way street. Vendors and manufacturers[2], as well as…
2020
Research note · May 8, 2020
The robotics "air gap"
The robotics air gap is a network security measure employed wherein the robot is assumed to be physically isolated from insecure networks. Robots however are networks of devices by definition. Network
2020
Research note · May 6, 2020
More than 100 companies use vulnerable collaborative robots
More than 100 companies are using insecure collaborative robots putting at risk tenths of thousands of workers and infrastructures around the world. These insecurities stem from…
2020
Research note · May 3, 2020
Monthly report on robot cybersecurity vulnerabilities - April 2020
A total of 67 robot cybersecurity flaws were reported in April 2020 according to the Robot Vulnerability Database (RVD), all of them vulnerabilities applying and confirmed to Universal Robots.
2020
Research note · Apr 26, 2020
Delivering unprotected IP into robots, Universal Robots+
Universal Robots delivers unprotected Intellectual Property through their insecure development platform, Universal Robots+. More than 600 partners affected have already submitted their Plug-and-Produc
2020
Research note · Apr 19, 2020
Universal Robots cobots are not secure
Tenths of thousands of users of Universal Robots are using insecure technology that might easily lead to safety hazards. This article argues about why and how we reached this situation and proposes s
2020
Research note · Apr 13, 2020
Quality, safety and security in robotics
Quality, safety and security are often misunderstood, mistaken or disregarded in robotics. This article argues about these terms and their relationship in the context of robotics, ultimately concludin
2020