
CVE-2023-33565: Analyzing Security Vulnerability and Forensic Investigation of ROS2: A Case Study | Proceedings of the 8th International Conference on Robotics and Artificial Intelligence

ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 are vulnerable to Denial-of-Service (DoS) attacks. A malicious user could potentially exploit the vulnerability remotely and crash the ROS2 nodes.


ABSTRACT

For several years, robotics technology has used ROS (Robot Operating System) as a middleware application for operating robots. The adoption of robots in various domains such as defense, industry, academia, healthcare, and many more is rising gradually. After the market demand rose, ROS was upgraded to ROS2 for better performance and security. However, researchers have identified many security issues and breaches in the ROS2 framework, and security is the biggest issue in today’s era. Thus the security issue is unrestricted in the robotics domains, which can cause human loss, injuries to humans and destruction of internal/external environments. In this paper, we demonstrate the security vulnerabilities of ROS2-based applications, such as the unauthorized injection of data, unauthorized access to data and denial-of-service attacks. Nevertheless, anti-forensic techniques on ROS2-based applications were performed to obstruct the forensic investigation. After that, we forensically investigated the attacks performed on the ROS2-based application. Our results show that it is possible to compromise ROS2-based applications and that attackers can crash the ROS2 system quickly. In a forensic investigation, it is possible to identify the attacker’s IP address, MAC address, network interface and the process of the ROS2 system running on the robot. The authors stated the limitations and future work of the ROS2-based application in forensic investigation.
