Tactic: Initial Access
Technique: Supply Chain Compromise
Robots, like other machines that run software, rely heavily on dependencies for their functionality. These
dependencies can contain vulnerabilities, and an attacker can focus their efforts on exploiting the vulnerable
dependencies. An autonomous robot is not unique in this regard.
Technique in practice
Video: what is a supply chain attack?
Article: what is a supply chain attack?
Mitigations
The developers of the autonomous robot should keep its dependencies up to date, especially with security-critical
updates. The user of the robot should regularly check for updates from the robot's manufacturer.
Detections
The toolchain used in development should periodically scan its dependencies and cross-reference the results
with popular security databases. This automated process would notify the developers of vulnerabilities and of the
version to update to.
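A sketch of the scan described above, as an added example that is not part of the original page: pinned dependencies
are matched against advisory records and the version that clears every matching advisory is reported. The package
names, versions, advisory IDs and the record layout (introduced/fixed range) are constructed assumptions.

```python
PINNED = """\
# dependencies pinned for a robot software build (constructed sample)
example-navlib==1.4.2
example-msgbus==0.9.0
example-crypto==2.1.0
example-vision==3.0.1
"""
# Constructed advisory records: affected when introduced <= version < fixed; fixed=None means no fix yet.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "example-navlib", "introduced": "1.0.0", "fixed": "1.4.5"},
    {"id": "EXAMPLE-0002", "package": "example-navlib", "introduced": "1.3.0", "fixed": "1.5.1"},
    {"id": "EXAMPLE-0003", "package": "example-crypto", "introduced": "2.2.0", "fixed": "2.2.3"},
    {"id": "EXAMPLE-0004", "package": "example-msgbus", "introduced": "0", "fixed": None},
]

def parse_version(text):
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def parse_pins(text):
    """Read 'name==version' lines; refuse unpinned entries, which cannot be checked."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, version = line.partition("==")
        if not sep or not version.strip():
            raise ValueError(f"unpinned dependency: {line!r}")
        pins[name.strip().lower()] = version.strip()
    return pins

def scan(pins, advisories):
    """Return {package: {installed, advisories, upgrade_to}} for every affected pin."""
    findings = {}
    for adv in advisories:
        installed = pins.get(adv["package"])
        if installed is None or parse_version(installed) < parse_version(adv["introduced"]):
            continue
        if adv["fixed"] and parse_version(installed) >= parse_version(adv["fixed"]):
            continue  # already at or past the fixed release
        hit = findings.setdefault(adv["package"], {"installed": installed, "advisories": [], "fixes": []})
        hit["advisories"].append(adv["id"])
        hit["fixes"].append(adv["fixed"])
    for hit in findings.values():
        fixes = hit.pop("fixes")
        # The upgrade target must clear every matching advisory, so take the highest fix.
        hit["upgrade_to"] = None if None in fixes else max(fixes, key=parse_version)
    return findings
```

Calling `scan(parse_pins(PINNED), ADVISORIES)` returns one entry per affected package; an `upgrade_to` of `None` marks
a dependency with a known advisory and no fixed release, which needs a different mitigation than an update.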
Documented incidents with autonomous robots
No incidents known at the time of writing.
Documented incidents in other domains
[2018] Stuxnet malware (uses a supply chain compromise vulnerability)