With its growing use in industry, ROS is rapidly becoming a standard in robotics. While developments in ROS 2 show promise, the slow adoption cycles in industry will push widespread ROS 2 industrial adoption years from now. ROS will prevail in the meantime which raises the question: can ROS be used securely for industrial use cases even though its origins didn't consider it? The present study analyzes this question experimentally by performing a targeted offensive security exercise in a synthetic industrial use case involving ROS-Industrial and ROS packages. Our exercise results in four groups of attacks which manage to compromise the ROS computational graph, and all except one take control of most robotic endpoints at desire. To the best of our knowledge and given our setup, results do not favour the secure use of ROS in industry today, however, we managed to confirm that the security of certain robotic endpoints hold and remain optimistic about securing ROS industrial deployments.

中文翻译：

---

ROS 能否在工业中安全使用？红队 ROS-Industrial

随着其在工业中的使用越来越多，ROS 正迅速成为机器人技术的标准。虽然 ROS 2 的发展显示出前景，但行业中缓慢的采用周期将推动 ROS 2 的广泛采用。与此同时，ROS 将占上风，这就提出了一个问题：即使 ROS 的起源没有考虑到它，ROS 能否安全地用于工业用例？本研究通过在涉及 ROS-Industrial 和 ROS 包的合成工业用例中执行有针对性的攻击性安全练习来实验性地分析这个问题。我们的练习导致了四组攻击，它们设法破坏了 ROS 计算图，除了一组攻击之外，所有攻击都根据需要控制了大多数机器人端点。据我们所知，鉴于我们的设置，结果不利于当今工业中 ROS 的安全使用，