A curated list of ROS / ROS 2 and robotics security resources: tools, checklists, CVEs, SROS2, DDS, AI/perception attacks, research papers, conference talks, and blogs.
Modern robots run on the Robot Operating System (ROS / ROS 2) and a stack of DDS, embedded Linux, real-time controllers, perception ML models, and industrial fieldbuses. They blur the line between IT, OT, and AI, and they move in the physical world. This list covers the full robotics security landscape: ROS internals, attack surface, pentesting tools, checklists, known CVEs, frameworks, talks, and research.
What makes this list different: every entry has been individually verified against a primary source (NVD for CVEs, arXiv/DOI for papers, vendor docs for tools, conference archives for talks). The git log documents every fabricated entry we found and removed during audit. PRs follow the same standard , see CONTRIBUTING.md.
- Overview
- Robot Security Attack Surface
- ROS 1 vs ROS 2 Security Model
- Pentesting Tools
- Robot Pentesting Checklists
- Known CVEs & Robot Vulnerabilities
- Notable Robot Security Incidents
- AI / Perception Layer Attacks
- Industrial Robot Specifics
- Standards, Frameworks & Hardening
- Research Papers
- Conference Talks
- Blogs & Vendor Research
- Newsletters & Podcasts
- Official ROS / ROS 2 Documentation
- Books
- Online Courses & Training
- YouTube Channels & Video Series
- Simulators & Lab Environments
- Hardware Platforms for Learning
- CTFs & Practice Labs
- Related Curated Lists
- ROS-Industrial Consortia
- Communities & Disclosure
- Contribute
A robot is a cyber-physical system: a network of nodes exchanging sensor and actuation messages over a middleware (ROS, DDS, or vendor-proprietary), running on an embedded OS, often connected to a cloud fleet manager and an industrial network.
A robot compromise is not just data theft. It can crash drones, derail mobile robots into people, or weld where there should not be a weld.
Key facts:
- ROS is the de-facto open-source robotics middleware, maintained by Open Robotics.
- ROS 1 was designed without security in mind. It is plaintext, unauthenticated, and trivial to attack on a flat network.
- ROS 2 uses DDS (Data Distribution Service) as transport. Security is optional via the DDS-Security spec, exposed in ROS 2 as SROS2.
- The Robot Vulnerability Database (RVD) is the largest robot-specific flaw registry (~241 catalogued flaws plus ~265 tracked ROS 2 bug entries as of 2024; verify current counts on the repo). Maintained by Alias Robotics.
Learn more:
| Layer | Components | Typical Weaknesses |
|---|---|---|
| Hardware | JTAG, UART, USB, SD, CAN, EtherCAT, I²C, SPI | Exposed debug ports, glitching, sensor spoofing |
| Firmware / OS | Embedded Linux (Ubuntu, Yocto), RTOS, bootloader | Default creds, world-writable files, missing secure boot |
| Middleware | ROS 1 master, ROS 2 / DDS, MQTT, ZeroMQ | No auth (ROS 1), DDS misconfig, plaintext topics |
| Application | ROS nodes, services, parameter server, .launch/.yaml |
Param poisoning, node spoofing, deserialization bugs |
| Perception / AI | LiDAR, RGB/RGBD cameras, IMU, ML models | Adversarial inputs, sensor spoofing, model tampering |
| Network | Wi-Fi, 4G/5G, Ethernet, Bluetooth | Open services, weak Wi-Fi, no segmentation from IT/OT |
| Cloud / Fleet | Vendor cloud, web dashboards, REST/MQTT bridges | OWASP Top 10, weak API auth, exposed endpoints |
| Physical / Safety | E-stops, safety PLCs, motor controllers | Bypassable safety logic, unsafe defaults |
- Central ROS Master on TCP 11311 (XML-RPC).
- No authentication. Any node on the network can register, subscribe, publish, or de-register others.
- No encryption. Everything is plaintext over TCPROS/UDPROS.
- XML-RPC injection and node hijacking are trivial.
- Mitigations are network-layer only: VPN, VLAN segmentation, IPsec.
- Uses DDS (RTPS) which is distributed, no master.
- DDS Security plugins (Authentication, Access Control, Cryptographic) provide PKI-based identity, signed permissions, AES-GCM encryption.
- Exposed in ROS 2 as SROS2 CLI tooling:
ros2 security create_keystore,create_enclave, etc. - Common failures: SROS2 disabled in dev/prod, wrong
ROS_DOMAIN_ID, missing access control policies, permissivegovernance.xml. - Reference: SROS2 docs, DDS Security spec (OMG).
| Tool | Purpose | Link |
|---|---|---|
| ROSPenTo | XML-RPC pentest tool for ROS Master & nodes, enumerates and manipulates the ROS graph | github.com/jr-robotics/ROSPenTo |
| ROSploit | Two-phase recon + exploit framework for ROS 1 | github.com/seanrivera/rosploit |
| roschaos | Chaos engineering / fault injection across the ROS graph | github.com/ruffsl/roschaos |
| Robosploit (Alurity) | Robotics exploitation framework by Alias Robotics | aliasrobotics.com/alurity.php |
| HAROS | Static analysis framework for ROS C++/Python codebases | github.com/git-afsantos/haros |
| aztarna | Footprinting tool for ROS, SROS, industrial routers (archived 2020, but still useful) | github.com/aliasrobotics/aztarna |
| RVD | Robot Vulnerability Database (registry + CLI) | github.com/aliasrobotics/RVD |
| RSF (Robot Security Framework) | Methodology + tooling for robot assessments | github.com/aliasrobotics/RSF |
| SROS2 CLI | Generate keystores, enclaves, governance/permissions XML | github.com/ros2/sros2 |
| dds-perftest / shapes_demo | DDS reference apps used to validate isolation | Fast-DDS docs |
| Tool | Purpose | Link |
|---|---|---|
| dronesploit | Pentest framework for drones (Wi-Fi, MAVLink) | github.com/dronesploit/dronesploit |
| MAVProxy | MAVLink ground-station; useful for fuzzing autopilots | github.com/ArduPilot/MAVProxy |
| pymavlink | Python MAVLink bindings for packet crafting | github.com/ArduPilot/pymavlink |
| MAVLink-Router | Routing proxy useful for MITM | github.com/mavlink-router/mavlink-router |
| Skyjack | Classic Parrot AR.Drone hijack PoC | samy.pl/skyjack |
| Aircrack-ng | Drone Wi-Fi de-auth, WPA capture | aircrack-ng.org |
| GNU Radio | SDR baseband for drone telemetry capture | gnuradio.org |
- Metasploit Framework: general; a few ICS/robot modules.
- ISF, Industrial Security Exploitation Framework: ICS/robotics modules.
- RouterSploit: embedded device exploits, useful for robot controllers.
- w3af: for robot web dashboards.
- expliot: IoT / robotics pentest framework (BLE, MQTT, Modbus, CoAP).
- Cotopaxi: Samsung IoT/robot protocol fuzzer and tester.
- Nmap: service discovery; ports 11311 (ROS 1), 7400-7500 (DDS RTPS).
- Masscan: high-speed scanning of robot fleets.
- Wireshark with the RTPS dissector for DDS traffic.
- Scapy: packet crafting for RTPS / TCPROS.
- SSLyze: for robot HTTPS endpoints.
- fast-dds-discovery-server: DDS discovery analysis.
- fast-dds-monitor: DDS network observability.
- RTI Connext Admin Console: introspection on RTI Connext DDS deployments.
- Bettercap: MITM on robot Wi-Fi / Ethernet.
- mitmproxy: intercept robot HTTPS / WebSocket / REST.
- zmap + zgrab2: scan internet-exposed ROS endpoints.
- Bus Pirate, JTAGulator, Saleae: physical bus probing.
- ChipWhisperer: side-channel + glitching of robot MCUs.
- Glasgow Interface Explorer: multi-protocol hardware tool.
- CANalyse / caringcaribou: CAN/CANopen on industrial arms.
- python-can: CAN scripting; works with SocketCAN, USB2CAN.
- CANToolz: framework for CAN bus auditing.
- Flipper Zero: RF/sub-GHz on tele-op links.
- HackRF One, RTL-SDR, LimeSDR: SDR for drone/robot telemetry.
- Proxmark3: RFID/NFC on robot access cards.
- FlashROM + CH341A: SPI flash dump of robot controllers.
- Flawfinder, RATS, Cppcheck: C/C++ source scanners.
- SonarQube, Semgrep, CodeQL: SAST.
- OWASP Dependency-Check, Syft + Grype: SBOM + CVE matching for ROS dependencies.
- clang-tidy with the ros-industrial config: enforce safer C++ in ROS nodes.
- Bandit: Python SAST for ROS Python nodes.
- Snyk: SCA on rosdep / pip / apt dependencies.
- Trivy: container scan for ROS Docker images.
- AFL++, libFuzzer: message parser fuzzing.
- Boofuzz: protocol fuzzing for ROS messages and DDS RTPS.
- radamsa: general fuzz mutation engine.
- Honggfuzz: coverage-guided fuzzing.
- Google Sanitizers: ASan/UBSan/TSan for ROS nodes.
- Volatility 3: memory forensics; works on robot Linux dumps.
- Autopsy: disk forensics on robot SD cards / eMMC images.
- bulk_extractor: artifact extraction from raw images.
- Plaso / log2timeline: timeline analysis on robot OS.
- GRR Rapid Response: live IR on fleets of robots.
- Velociraptor: endpoint visibility, scales to many robots.
- RTPS (DDS) dissector: built-in.
- Modbus, EtherCAT, Profinet dissectors: industrial fieldbuses.
- rosbag2: capture ROS 2 traffic to disk for offline analysis.
- Identify ROS version (ROS 1 vs ROS 2) and middleware (Fast-DDS, Cyclone, RTI Connext).
- Scan for ROS Master XML-RPC on TCP 11311.
- Enumerate all topics, services, parameters:
rostopic list,rosservice list,rosparam list. - List active nodes and inspect their connections:
rosnode list/rosnode info. - For ROS 2: probe RTPS discovery on UDP 7400-7500; enumerate participants with
ros2 node list,ros2 topic list. - Check
ROS_DOMAIN_IDsegregation and cross-domain leakage. - Verify whether SROS2 / DDS-Security is enabled and policies (governance/permissions XML) are signed.
- Attempt node spoofing: register a malicious node with the Master and intercept topics.
- Attempt topic poisoning: publish on safety-critical topics (
/cmd_vel,/joint_states). - Test MITM on TCPROS / RTPS where no encryption is enforced.
- Identify and probe JTAG, SWD, UART, USB-OTG, SD card interfaces.
- Attempt firmware dump via debug interface or SPI flash readout.
- Probe CAN / CANopen / EtherCAT buses for unauthenticated motion commands.
- Inspect I²C / SPI sensor lines for tamper / spoofing potential.
- Check for secure boot, signed firmware, and TPM/secure-element presence.
- Fingerprint OS (Ubuntu, Yocto, ROS distro).
- Test for default or hardcoded credentials (vendor, SSH, web UI).
- Look for SUID binaries, world-writable dirs, lax sudoers (CWE-276).
- Check for outdated apt/pip/rosdep packages with known CVEs.
- Verify SBOM exists and is current; run Syft + Grype.
- Test for race conditions in init scripts (CWE-362).
- Inspect
/etc/ros/,~/.ros/, and launch files for hardcoded secrets.
- Parameter server poisoning: read/write sensitive params (
/rosparam). - Launch file injection: substitute
.launch/.yamlto load attacker nodes. - Deserialization: fuzz custom
.msgparsers (esp. user-defined types). - DoS: topic flooding, parameter storms, RTPS announcement spam.
- Service abuse: enumerate
rosserviceendpoints for unauthenticated command exec, e-stop bypass, motion override. - Check for command injection in service handlers shelling out (
os.system,subprocess).
- Verify ROS 1 deployment is on an isolated, segmented network.
- Confirm SROS2 enclaves are scoped to least privilege.
- Robot web dashboard / REST / WebSocket bridge (
rosbridge_suite): apply OWASP Top 10 (authN/Z, CSRF, IDOR, SSRF). - Test rosbridge WebSocket on port 9090 for unauthenticated topic publishing.
- Check TLS hygiene on every HTTPS/MQTT endpoint.
- Inventory perception models (object detection, SLAM, voice).
- Test adversarial robustness of camera/LiDAR pipelines.
- Verify model file integrity (signatures, hashes) on disk.
- Check for unprotected model update / OTA channels.
| ID | Description | Reference |
|---|---|---|
| Architectural | Lack of authentication & encryption in ROS 1 computational graph (no CVE; documented design choice) | See SROS paper (White et al., 2016) and DeMarinis et al., 2018 |
| Architectural | rosbridge_suite WebSocket bridge has no built-in auth by default | See rosbridge docs |
| ID | Component | Description | Reference |
|---|---|---|---|
| CVE-2024-37861 | nav2_amcl (Nav2 Humble) |
Buffer overflow via crafted .yaml triggering RCE |
NVD |
| CVE-2024-41648 | navigation2 (Humble) |
Insecure file permissions enable arbitrary code execution | NVD |
| CVE-2022-30262 | RTI Connext Pro / Fast-DDS / OpenDDS / Cyclone-DDS | RTPS parser DoS | NVD |
| 2022 DDS RTPS bug cluster | All major DDS vendors | Series of related RTPS implementation flaws across vendors | Alias Robotics writeup |
| ID | Description | Reference |
|---|---|---|
| CVE-2020-10271 | MiR ROS computational graph exposed to network; attacker can take control of robot logic | NVD |
| CVE-2020-10275 | REST API tokens derived from publicly-documented default credentials | NVD |
| CVE-2020-10279 | Insecure Ubuntu defaults (race conditions CWE-362, permission errors CWE-276, default creds) , CVSS 9.8 | NVD |
| CVE-2020-10280 | Incomplete HTTP header flood DoS on web dashboard (MiR + Easy Robotics) | NVD |
| ID | Description | Reference |
|---|---|---|
| CVE-2020-10266 | UR+ platform components installed with no integrity verification (CVSS 8.1, CWE-345/353) | NVD |
| CVE-2020-10290 | URCaps (Java zip apps) execute without permission restrictions on the controller (CVSS 6.8) | NVD |
| ID | Description | Reference |
|---|---|---|
| CVE-2020-10268 | KR C4 firmware/hardware , critical services can be terminated from Windows Task Manager, halting the manipulator (requires physical access, CVSS 6.1) | NVD |
| ID | Description | Reference |
|---|---|---|
| CVE-2020-10287 | IRC5 family robots with UAS service enabled ship with publicly-documented default credentials | NVD |
| ID | Description | Reference |
|---|---|---|
| CVE-2020-10289 | ROS actionlib package allows arbitrary object instantiation via unsafe YAML load , RCE |
NVD |
| ID | Description | Reference |
|---|---|---|
| CVE-2020-10281 | MAVLink v1.0 has no encryption by design , cleartext sensitive data over the wire (CWE-319) | NVD |
| CVE-2020-10283 | MAVLink v1.0 has no authentication , attacker can force version downgrade from v2.0 during GCS-autopilot negotiation | NVD |
The IOActive 2017-2018 Hacking Robots Before Skynet research documented ~50 flaws in NAO, Pepper, UR, Baxter. Not all received CVE assignments. See the IOActive paper and technical appendix for full details.
| ID / Target | Description | Reference |
|---|---|---|
| CVE-2025-2894 | Unitree Go1 backdoor: hardcoded CloudSail API key enables full remote control without auth | SentinelOne advisory |
| CVE-2026-27509 | Unitree Go2 unauthenticated DDS-based RCE via rt/api/programming_actuator/request (firmware V1.1.7-V1.1.11 EDU) |
boschko.ca write-up |
| CVE-2026-27510 | Unitree Go2 mobile-app SQLite DB tampering enables persistent RCE bound to controller key combos | boschko.ca write-up |
| UniPwn (no CVE assigned at time of writing) | BLE Wi-Fi config service on Unitree Go2/B2/G1/H1 accepts the string unitree as a "secret" + uses hardcoded encryption keys + unsanitized shell injection. Worm-capable: infected robot scans BLE for other Unitree robots and compromises them. Disclosed Sept 2025 |
IEEE Spectrum (Sept 2025), Hackaday writeup |
| Unitree G1 static fleet-wide Blowfish-ECB key | Single key reused across every G1 worldwide; effective entropy of the encryption is zero bits once one robot is reversed | Mayoral-Vilches et al. 2025 (arXiv:2509.14139) |
No specific public-research CVEs or peer-reviewed vulnerability reports for Boston Dynamics Spot or Tesla Optimus were verifiable at time of writing. General "security concerns" think-pieces exist, but they do not document specific exploitable issues. If you have a verified write-up, please PR.
📚 Authoritative registry: Robot Vulnerability Database (RVD) by Alias Robotics. ~241 catalogued vulnerabilities plus ~265 tracked ROS 2 bug entries (as of 2024). Verify current counts on the repo.
| Year | Incident / Paper | Summary | Link |
|---|---|---|---|
| 2017 | Trend Micro Rogue Robots | First end-to-end attack chain on industrial arms (ABB, Kuka) | Paper |
| 2018 | IOActive Hacking Robots Before Skynet | 50+ flaws in NAO, Pepper, UR, Baxter | IOActive |
| 2019 | Alias Robotics RVD launch | First public robot CVE registry | Discourse |
| 2020 | MiR / UR / ABB CVE wave | Coordinated disclosure of dozens of robot CVEs | Alias as CNA |
| 2022 | DDS RTPS bug class | Series of CVEs across all major DDS vendors | Alias DDS |
| 2024 | Nav2 buffer overflow (CVE-2024-37861) | First RCE in ROS 2 Nav stack via crafted YAML | NVD |
| 2024 | RoboPAIR LLM jailbreak | UPenn shows LLM-controlled robots can be jailbroken into unsafe actions | robopair.org |
| 2024-2025 | Humanoid robot reversing | Independent researchers reversing Unitree G1, Tesla Optimus firmware | Various conference talks |
Modern robots run ML for vision, planning, and dialog. New attack classes:
- Adversarial examples: physical-world patches that fool object detectors (stop-sign attacks on autonomous robots).
- Sensor spoofing: laser glare on LiDAR, ultrasonic injection on MEMS, GPS spoofing on outdoor robots.
- Data poisoning: manipulating training datasets for fleet-learned models.
- Model integrity attacks: tampering with on-device
.onnx/.pt/.enginefiles; missing signatures. - Prompt injection on LLM-controlled robots: emerging issue for VLA (Vision-Language-Action) models like RT-2, Figure-01 stack, OpenVLA.
- Backdoored foundation models: trojan triggers in pretrained vision/LLM backbones.
- VLA jailbreaking: chained text+image prompts that bypass safety filters in LLM-driven robots (see RoboPAIR).
Reading:
- Adversarial Robustness Toolbox (IBM)
- RoboPAIR LLM-controlled robot jailbreaking (UPenn, 2024)
- LiDAR Spoofing Research, Cao et al.
- Physical Adversarial Patches on Object Detectors (Brown et al.)
- Remote modification of control parameters / calibration: tiny offsets cause defective parts or unsafe motion (Trend Micro).
- Safety PLC bypass: light curtains, e-stops, and safety zones controlled by separately certified safety PLCs; check whether they can be reached or overridden from the standard network.
- Network pivot: a compromised cell controller is often the bridge from IT to the deep OT network.
- Vendor remote-access tools (KUKA WorkVisual, ABB RobotStudio, Fanuc Roboguide): historically weak auth, often exposed for "remote support".
- Fieldbuses: EtherCAT, PROFINET, CANopen, EtherNet/IP are typically unauthenticated; treat as inside the trust boundary.
- OPC UA on robots: increasingly common; check certificate validation and anonymous-access policies.
Pivot reading: Awesome ICS Security guide.
| Standard / Framework | Scope | Link |
|---|---|---|
| ISO 10218-1/-2 | Industrial robot safety | ISO 10218 |
| ISO/TS 15066 | Collaborative robots (cobots) safety | ISO 15066 |
| IEC 62443 | Industrial automation & control systems security | IEC 62443 |
| NIST SP 800-82 Rev.3 | Guide to OT security (covers robotics) | NIST |
| NIST IR 8259 | IoT cybersecurity baseline (applies to robots) | NIST.IR.8259.pdf |
| MITRE ATT&CK for ICS | TTPs applicable to industrial robots | attack.mitre.org/matrices/ics |
| SROS2 / DDS-Security | Native ROS 2 security model | SROS2 |
| Robot Security Framework (RSF) | Methodology for robot security assessments | github.com/aliasrobotics/RSF |
| OWASP IoT Top 10 | Applies to robot web/cloud surfaces | OWASP IoT |
| OWASP MASVS / MSTG | When robot apps include companion mobile apps | OWASP MASVS |
| ENISA Robotics | EU agency guidance | ENISA Robotics |
| REP-2006 | ROS 2 vulnerability disclosure policy | REP-2006 |
- Disable ROS 1 in production; if unavoidable, air-gap or VPN-only.
- Enable SROS2 with signed governance / permissions XML.
- Pin a unique non-default
ROS_DOMAIN_IDper deployment. - Disable
rosbridgeor front it with auth + TLS. - Secure boot + signed firmware; encrypted filesystem on removable media.
- Network segmentation: separate safety, control, perception, cloud VLANs.
- Continuous SBOM scanning (Syft + Grype).
- Subscribe to ROS Security Vulnerability Disclosures (REP-2006).
Every entry below is a paper I've personally verified (title + authors + arXiv/DOI match the URL). If you spot a wrong link, please open a PR.
- SROS: Securing ROS over the wire, in the graph, and through the kernel , White, Christensen, Quigley , 2016
- Scanning the Internet for ROS: A View of Security in Robotics Research , DeMarinis, Tellex, Kemerlis, Konidaris, Fonseca , 2018
- Penetration Testing ROS , Dieber, White, Taurer, Breiling, Caiazza, Christensen, Cortesi , 2019 (book chapter in Springer's ROS: The Complete Reference Vol. 4; Semantic Scholar mirror)
- Can ROS be Used Securely in Industry? Red-Teaming ROS-Industrial , Mayoral-Vilches, Pinzger, Rass, Dieber, Gil-Uriarte , 2020
- SROS2: Usable Cyber Security Tools for ROS 2 , Mayoral-Vilches, White, Caiazza, Arguedas , IROS 2022
- Introducing the Robot Vulnerability Database (RVD) , Mayoral-Vilches, Usategui San Juan, Dieber, Ayucar Carbajo, Gil-Uriarte , 2019
- Robot Vulnerability Scoring System (RVSS) , Mayoral-Vilches et al. , 2018
- DevSecOps in Robotics , Mayoral-Vilches, García-Maestro, Towers, Gil-Uriarte , 2020
- Robotics CTF (RCTF), a Playground for Robot Hacking , Olalde Mendia, Usategui San Juan, Perez Bascaran et al. , 2018
- Rogue Robots: Testing the Limits of an Industrial Robot's Security , Maggi, Quarta, Pogliani, Polino, Zanchettin, Zanero (Trend Micro & Polimi) , 2017 white paper
- An Experimental Security Analysis of an Industrial Robot Controller , Quarta, Pogliani, Polino, Maggi, Zanchettin, Zanero , IEEE S&P 2017
- Detecting Insecure Code Patterns in Industrial Robot Programs , Pogliani, Maggi, Balduzzi, Quarta, Zanero , AsiaCCS 2020
- Rogue Automation: Vulnerable and Malicious Code in Industrial Programming , Maggi et al. , Trend Micro / Polimi 2020 (companion to OTRazor BH USA 2020 talk)
- Hacking Robots Before Skynet , Cerrudo & Apa (IOActive) , 2017. Paper PDF, Technical appendix
- Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving , Cao, Xiao, Cyr, Zhou, Park, Rampazzi, Chen, Fu, Mao , ACM CCS 2019
- Adversarial Patch , Brown, Mané, Roy, Abadi, Gilmer , 2017
- NO Need to Worry about Adversarial Examples in Object Detection in Autonomous Vehicles , Lu, Sibai, Fabry, Forsyth , 2017 (counter-argument paper: argues adversarial examples don't reliably transfer to AVs in motion)
- Jailbreaking LLM-Controlled Robots (RoboPAIR) , Robey, Ravichandran, Kumar, Hassani, Pappas , 2024
- BadRobot: Jailbreaking Embodied LLMs in the Physical World , Zhang et al. , 2024 (accepted ICLR 2025)
- Cybersecurity AI: Humanoid Robots as Attack Vectors , Mayoral-Vilches, Makris, Finisterre , 2025 (Unitree G1 case study)
Every entry below has a verified video, slides, or paper link. Grouped by topic, then by year (most recent first). Have a great talk to add? Open a PR.
- Quarta, Pogliani, Polino, Maggi, Zanchettin, Zanero - An Experimental Security Analysis of an Industrial Robot Controller - IEEE S&P 2017
- Paper: https://ieeexplore.ieee.org/document/7958582
- Project page: https://robosec.org/
- Quarta, Maggi et al. - Breaking the Laws of Robotics: Attacking Industrial Robots - Black Hat USA 2017
- Maggi, Pogliani et al. - OTRazor: Static Code Analysis for Vulnerability Discovery in Industrial Automation Scripts - Black Hat USA 2020
- Pogliani, Maggi, Balduzzi, Quarta, Zanero - Detecting Insecure Code Patterns in Industrial Robot Programs - AsiaCCS 2020
- Trend Micro & Politecnico di Milano - Rogue Robots: Testing the Limits of an Industrial Robot's Security - 2017 white paper
- Giese - Reverse Engineering and Hacking Ecovacs Robots - DEF CON 32 (2024)
- Giese - Sucking Dust and Cutting Grass: Reversing Robots and Bypassing Security - 37C3 (2023)
- Giese - Vacuum Robot Security and Privacy - DEF CON 31 (2023)
- Speaker index: https://dontvacuum.me/talks/
- Giese & Wegemer - Unleash Your Smart-Home Devices: Vacuum Cleaning Robot Hacking - 34C3 (2017)
- Cerrudo & Apa (IOActive) - Hacking Robots Before Skynet - HITB GSEC 2017 & Ekoparty 2017
- Video (HITB GSEC): https://www.youtube.com/watch?v=CD2w602tyJk
- Video (Ekoparty): https://www.youtube.com/watch?v=ki66_wij_Dk
- Paper: https://www.ioactive.com/wp-content/uploads/pdfs/Hacking-Robots-Before-Skynet.pdf
- Technical appendix: https://www.ioactive.com/wp-content/uploads/pdfs/Hacking-Robots-Before-Skynet-Technical-Appendix.pdf
- Mayoral-Vilches et al. - SROS2: Usable Cyber Security Tools for ROS 2 - 2022
- ROS-SWG - ROS 2 Security Workshop - ROSCon 2019
- Workshop site (slides, exercises): https://ros-swg.github.io/ROSCon19_Security_Workshop/
- Cao et al. - You Can't See Me: Physical Removal Attacks on LiDAR-based Autonomous Vehicles - USENIX Security 2023
- Sun, Cao, Chen, Mao - Towards Robust LiDAR-based Perception in Autonomous Driving: Black-box Adversarial Sensor Attack - USENIX Security 2020
- Cao et al. - Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving - ACM CCS 2019
- Robey, Ravichandran, Kumar, Hassani, Pappas - Jailbreaking LLM-Controlled Robots (RoboPAIR) - UPenn / CMU 2024
- Paper: https://arxiv.org/abs/2410.13691
- Project: https://robopair.org/
- CMU ML blog write-up: https://blog.ml.cmu.edu/2024/10/29/jailbreaking-llm-controlled-robots/
- Mayoral-Vilches et al. - Cybersecurity AI: Humanoid Robots as Attack Vectors (Unitree G1) - 2025
- McClean, Stull, Farrar, Mascareñas - A Preliminary Cyber-Physical Security Assessment of the Robot Operating System (ROS) - SPIE 2013 (DEF CON 20 honeypot project)
- DeMarinis, Tellex, Kemerlis, Konidaris, Fonseca - Scanning the Internet for ROS: A View of Security in Robotics Research - 2018
- Mayoral-Vilches et al. - Can ROS be Used Securely in Industry? Red-Teaming ROS-Industrial - 2020
When you can't find a specific talk above, search these archives:
- DEF CON Media Server - https://media.defcon.org/
- DEF CON YouTube channel - https://www.youtube.com/user/DEFCONConference
- Black Hat archives - https://www.blackhat.com/html/archives.html
- ROSCon talk index (all years) - https://roscon.ros.org/
- CCC media (all Congresses + camps) - https://media.ccc.de/
- USENIX Security past programs - https://www.usenix.org/conferences/byname/108
- NDSS Symposium - https://www.ndss-symposium.org/
- IEEE S&P (Oakland) past programs - https://www.ieee-security.org/TC/SP-Index.html
- ACM CCS proceedings - https://www.sigsac.org/ccs.html
- HITB conference archive - https://conference.hitb.org/
- Don't Vacuum Me (Dennis Giese's talk index) - https://dontvacuum.me/talks/
- RoboSec (Polimi industrial-robot research) - https://robosec.org/
- Alias Robotics blog: the most consistent robotics security research output.
- Trend Micro Research (robotics).
- IOActive Labs blog.
- NCC Group Research: occasional robot / industrial control posts.
- Bishop Fox Labs: industrial / robot posts.
- Trail of Bits blog: deep dives on robot/firmware.
- Cybereason Nocturnus.
- Claroty Team82: OT / industrial robot advisories.
- Forescout Research (Vedere Labs): industrial robot CVEs.
- Dragos blog: ICS threat intel, includes robot vendors.
- Kaspersky ICS-CERT: industrial robot statistics.
- Nozomi Networks Labs.
- Microsoft Defender for IoT blog.
- Cisco Talos.
- ABB Cybersecurity.
- Universal Robots support (search "cybersecurity" / "security advisory").
- Siemens ProductCERT: covers robotic cells and ICS.
- KUKA: report via the KUKA Customer Portal (vendor does not publish a public PSIRT page at time of writing).
- Fanuc: report through fanucamerica.com/contact (no public PSIRT page at time of writing).
- Boston Dynamics: disclose via security[at]bostondynamics.com (no public page at time of writing).
- ROS Discourse (search for "security" , there is no longer a dedicated category, but security threads are tagged).
- Robohub: general robotics; security posts occasionally.
- The Construct: ROS training (some security content).
- Fort Robotics blog.
- Robotic Industries Association (RIA).
- Alias Robotics newsletter.
- SANS NewsBites: covers robot CVEs.
- Dragos WorldView Threat Intelligence.
- N2K Networks CyberWire (formerly The CyberWire).
- Robohub Podcast: general; occasional security episodes.
- Unsolicited Response (Dale Peterson): ICS / OT.
- Hack the Plant (Bryson Bort, ICS Village): OT/ICS including robots.
- Darknet Diaries: occasional robotic incident episodes.
- Risky Business: covers major robot CVEs.
The starting points. If you're new to ROS security, read these in order.
- ROS 2 Documentation home , root index for all distros (Rolling, Jazzy, Iron, Humble, etc.).
- About ROS 2 Security , concept overview of the security model.
- Setting up security tutorial , end-to-end walkthrough configuring SROS2 from scratch.
- Understanding the security keystore , what every key file is for.
- Ensuring security across machines , extending SROS2 to multi-host deployments.
- Deployment Guidelines , production hardening practices.
- REP-2006 , ROS 2 Vulnerability Disclosure Policy , how to report a ROS 2 bug.
- ros2/sros2 GitHub repo , source + CLI for keystore/enclave/policy.
- SROS2 example policy files ,
talker_listener.policy.xml,add_two_ints.policy.xml,minimal_action.policy.xml, etc. , copy and adapt these. - DDS Security spec (OMG) , the upstream standard SROS2 implements.
- ROS 2 Security Working Group (ros-security/community) , official WG, meeting notes, agendas.
- ROS Deliberation WG , task planning / autonomy stack (security-adjacent).
- Programming Robots with ROS , Morgan Quigley, Brian Gerkey, William D. Smart , O'Reilly 2015. Written by the OSRF founders. ROS 1 only but the architecture chapters are still the best in print. Sample code.
- Mastering ROS 2 for Robotics Programming, 4th ed. , Lentin Joseph, Jonathan Cacace , Packt 2024. ROS 2 Jazzy, Nav2, MoveIt 2, Gazebo Sim, Micro-ROS. Source code on GitHub.
- A Concise Introduction to Robot Programming with ROS 2 (2nd ed.) , Francisco Martín Rico. Companion code: github.com/fmrico/book_ros2.
- Modern Robotics: Mechanics, Planning, and Control , Kevin Lynch and Frank Park , Cambridge University Press 2017. Free PDF on the Northwestern wiki. Paired Coursera specialization linked below.
- Industrial Cybersecurity (2nd ed.) , Pascal Ackerman , Packt 2021. OT context for industrial robots.
- The Car Hacker's Handbook , Craig Smith , No Starch 2016. CAN bus / fieldbus overlaps with industrial robot controllers.
- Practical IoT Hacking , Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods , No Starch 2021.
- The Hardware Hacker , Andrew "bunnie" Huang , No Starch 2017. For when you have physical access to a robot.
- The Construct , ROS 2 Basics , in-browser ROS 2 with no local setup. Free + paid tiers.
- The Construct , ROS 2 Security Online Course , one of the very few dedicated ROS 2 security courses.
- Coursera , Modern Robotics specialization (Northwestern) , 6-course series by Lynch and Park.
- ROS-Industrial training (ROS 1) , the canonical industrial-robotics training repo + docs.
- ROS-Industrial ROS 2 training , the ROS 2 (Foxy onward) equivalent.
- Cybersecurity for Robotics , Alias Robotics , vendor-run, hands-on with their Alurity toolbox.
- SANS ICS410 , ICS/SCADA Security Essentials , ICS context, not robot-specific.
- SANS ICS612 , ICS Cybersecurity In-Depth , deeper OT.
- Articulated Robotics (Josh Newans) , "Build a real robot with ROS 2" series. The clearest end-to-end ROS 2 video tutorial out there. Companion site: https://articulatedrobotics.xyz/
- The Construct YouTube , ROS 1 and ROS 2 walkthroughs, open classes.
- Robotis e-Manual videos , TurtleBot3 reference videos.
- ROSCon recordings (Vimeo) , Open Robotics Foundation's official archive of ROSCon and OSRF talks.
- LiveOverflow , general security with frequent embedded crossovers.
- stacksmashing , chip glitching, hardware attacks.
- Hak5 / Darren Kitchen , RF, WiFi, USB attacks.
Use these to safely practice attacks without bricking real hardware.
- Gazebo Sim , the standard ROS 2 simulator. GitHub.
- Ignition / Gazebo Fortress , the LTS Gazebo for ROS 2 Humble.
- Webots , open-source, cross-platform robot simulator.
- Isaac Sim (NVIDIA) , GPU-accelerated photorealistic simulator with ROS 2 bridge.
- Alurity , dockerized robot-cybersecurity toolbox by Alias Robotics.
- ROSCon19 Security Workshop (hands-on) , reproducible SROS2 lab.
The robots you'll see in most papers, tutorials, and CTFs.
- TurtleBot3 (ROBOTIS) , the de-facto ROS / ROS 2 learning robot. GitHub. Cheap, supports SROS2 demos.
- TurtleBot 4 (Clearpath / iRobot Create 3) , ROS 2 native successor.
- Clearpath Husky / Jackal , outdoor / heavy unmanned ground vehicles, common in academic security research.
- Universal Robots UR3e/UR5e/UR10e , the cobot platform behind most published industrial-robot CVEs.
- Unitree Go2 / G1 , quadruped and humanoid; subject of recent LLM-jailbreak research (RoboPAIR) and the 2025 Mayoral-Vilches Unitree G1 paper.
- Robotics CTF (RCTF) , dedicated robot-hacking challenges (archived 2020, but scenarios still useful).
- Alurity , modular toolbox for spinning up robot cyber lab scenarios.
- ROS-Industrial Training repo , solid base to wire offensive scenarios on top of.
- Gazebo Sim , build your own red-team scenarios safely.
- Foxglove Studio (visualization for live attack debugging) , inspect what your exploit is doing to the robot in real time. WebSocket protocol spec.
- CTFtime , ICS/SCADA tag , occasionally features robot-themed CTFs.
The robotics-resources side of the world. Most don't focus on security, but they're authoritative for tools, libraries, and learning paths you may want to defend.
- fkromer/awesome-ros2 , largest curated ROS 2 list (archived 2024, still excellent reference).
- ps-micro/awesome-ros , ROS 1 curated list.
- ahundt/awesome-robotics , general robotics resources.
- kiloreux/awesome-robotics , another general robotics list.
- jslee02/awesome-robotics-libraries , simulator and library focus.
- shannon112/awesome-ros-mobile-robot , SLAM, odometry, navigation focus.
- Guillaumebeuzeboc/awesome-ROS-snap , ROS distributed as Snap packages.
ROS-Industrial is the ROS branch focused on industrial / OT environments. The three regional consortia produce roadmaps, training, and white papers that shape what's deployed on factory floors.
- ROS-Industrial (main) , project landing page and challenge/mission docs.
- ROS-Industrial GitHub org , 100+ repos including industrial_training and the ROS 2 i_training.
- ROS-Industrial Consortium Americas (SwRI).
- ROS-Industrial Consortium Europe (Fraunhofer IPA).
- ROS-Industrial Consortium Asia Pacific (ARTC, Singapore).
- ROS 2 Security Working Group: official ROS security WG.
- Alias Robotics: CNA for robot CVEs; runs RVD.
- IOTSRG IoT Security Research Group: this repo's home.
- ROS Discourse , search "security" / "SROS2".
- ICS-CERT / CISA: for industrial robot advisories.
- NIST National Vulnerability Database (NVD).
- CVE.org: official CVE registry.
Disclosure: report ROS bugs via REP-2006; vendor robots via vendor PSIRT or Alias Robotics as CNA.
🤝 PRs welcome. Add CVEs, tools, write-ups, talks, papers, or new research. Open an issue or PR on iotsrg/awesome-ros-security.
🛡️ Maintained by IOTSRG, IoT Security Research Group. See also: awesome-connected-things-sec for the broader IoT/Embedded/ICS/Automotive list.