ROS Internet Mapping Project
The ROS Internet Mapping project is a research work in the Computer Science Department at Brown University to identify instances of Robot Operating System (ROS) available on the public Internet. As robots become more prevalent in our everyday lives, security of these platforms is becoming increasingly important.
ROS is a widely-used research robotics platform: it provides a publish-subscribe service to distribute data among nodes in a system. Nodes publish or subscribe to topics by advertising or querying a central master node to send or receive data. Like many research platforms, ROS was not designed for security: the ROS master node trusts all nodes that connect to it. The goal of this project is to identify exposed ROS instances and promote improved security in robotics research platforms.
We have conducted several, low-rate scans of the IPv4 space for ROS masters since October 2017 and found several instances of exposed ROS nodes, including both simulated devices and robots.
With permission of its owner, we also conducted a proof-of-concept "takeover" of one of the robots we found, to demonstrate that a robot with an exposed ROS master can be accessed and, potentially, controlled remotely. In our test, we were able to read data from the robot's sensors, and remotely control its actuators. A video of the demonstration is available here.
Further information about our findings is available in a technical report, available here.
Frequently Asked Questions
Is ROS broken?
No. Security is not a major part of ROS’ design; instead it provides a message-passing infrastructure between services or devices. As such, care must be taken to ensure that unauthorized parties cannot access a ROS host.
For users looking for alternatives to provide security, we recommend investigating the following platforms:
- Rosbridge: A WebSocket interface to ROS and a server to allow web applications interact with ROS nodes
- SROS: An architecture to add TLS support for ROS transport mechanisms
Does this mean there are attacks on ROS?
At the time of this writing, we are not aware of any known exploits on ROS, nor have we observed any attacks in the wild. However, as ROS does not provide any access controls, an open ROS master could leak topic data to a user that connects to it, potentially allowing an attacker to read robot sensor data or send actuation commands to the robot. Our results provide evidence that a number of robots expose this access on the public internet.
I am a ROS user, how can I protect my system?
- If possible, we suggest using ROS on a network not connected to the internet, or a network behind a firewall configured to block incoming traffic on the ROS master port (TCP port 11311). This will prevent external hosts from discovering the ROS master.
- If you use ROS on an open network, we encourage you to use a firewall (such as iptables) to prevent access from outside your network.
- If you run ROS on a laptop or other portable system, be mindful of when ROS is running as you move between networks.
I run a network with ROS instances, how can I protect my network?
- In a research setting, we recommend consulting with any groups using ROS. Ideally, a network of systems using ROS should operate on an isolated network or behind a firewall.
- Consider scanning for ROS instances and advising users that their systems may be exposed to a privacy risk.
- Consider blocking incoming connections on TCP port 11311. At minimum, this will prevent discovery of ROS master nodes on the network. Since other ROS services use ephemeral ports, this will not block all ROS traffic.
Members of the ROS Internet Mapping project include Nicholas DeMarinis, Stefanie Tellex, Vasileios Kemerlis, Rodrigo Fonseca, and George Konidaris.
Please contact our mailing list firstname.lastname@example.org with questions or comments.
This work is supported by the Systems Group and the Humans to Robots Laboratory of the Computer Science Department at Brown University.