Skip to main content

Penetration Testing ROS

Part of the Studies in Computational Intelligence book series (SCI,volume 831)


ROS is the most popular framework in robotics research and it also grows in terms of industrial use. This makes ROS a worthwhile target for attackers especially since security is not addressed by the core framework itself. Its open architecture and flexibility are also the reasons why ROS suffers from security issues. For example, in ROS it is possible to isolate single nodes from the rest of the application without the ROS master, the other nodes or even the node itself (i.e., its business code) noticing it. This is true for publishers, subscribers and services alike. This makes attacks very difficult to spot at runtime. Penetration testing is the most common security testing practice. The goal is to test an application for possible security flaws. To better facilitate penetration testing for ROS, we introduce ROSPenTo and Roschaos, tools that make use of the vulnerabilities of ROS and demonstrate how ROS applications can be sabotaged by an attacker. In this tutorial you will learn about the ROS XML-RPC API, which is our main attack point. You will see, how API attacks on ROS work in depth. You will get to know Roschaos and ROSPentTo, two tools, which can be used to manipulate running ROS applications.


  • ROS
  • Security
  • Penetration testing

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-20190-6_8
  • Chapter length: 43 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
USD   149.00
Price excludes VAT (USA)
  • ISBN: 978-3-030-20190-6
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   199.99
Price excludes VAT (USA)
Hardcover Book
USD   199.99
Price excludes VAT (USA)
Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8


  1. 1.

  2. 2.

  3. 3.

  4. 4.

  5. 5., last accessed 07/02/2018.

  6. 6.

    Download ROSPenTo at and follow building instructions in the README file.

  7. 7.

    A video of ROSPenTo in action can be found at

  8. 8.

  9. 9.

  10. 10.

  11. 11.

  12. 12.

  13. 13.

  14. 14.

  15. 15.

  16. 16.

  17. 17.


  1. Arkin, B., Stender, S., McGraw, G.: Software penetration testing. IEEE Secur. Priv. 3(1), 84–87 (2005)

    CrossRef  Google Scholar 

  2. Breiling, B., Dieber, B., Schartner, P.: Secure communication for the robot operating system. In: Proceedings of the 11th IEEE International Systems Conference, pp. 360–365 (2017)

    Google Scholar 

  3. Cheminod, M., Durante, L., Valenzano, A.: Review of security issues in industrial networks. IEEE Trans. Ind. Inf. 9(1), 277–293 (2013)

    CrossRef  Google Scholar 

  4. DeMarinis, N., Tellex, S., Kemerlis, V., Konidaris, G., Fonseca, R.: Scanning the internet for ROS: a view of security in robotics research. arXiv preprint arXiv:1808.03322 (2018)

  5. Dieber, B., Breiling, B., Taurer, S., Kacianka, S., Rass, S., Schartner, P.: Security for the robot operating system. Rob. Auton. Syst. 98, 192–203 (2017)

    CrossRef  Google Scholar 

  6. Dieber, B., Kacianka, S., Rass, S., Schartner, P.: Application-level security for ROS-based applications. In: Proceedings of the 2016 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS 2016) (2016)

    Google Scholar 

  7. Fairley, P.: Cybersecurity at U.S. utilities due for an upgrade: tech to detect intrusions into industrial control systems will be mandatory [News]. IEEE Spectr. 53(5), 11–13 (2016)

    CrossRef  Google Scholar 

  8. Karnouskos, S.: Stuxnet worm impact on industrial cyber-physical system security. In: 37th Annual Conference of the IEEE Industrial Electronics Society (IECON 2011), pp. 4490–4494 (2011)

    Google Scholar 

  9. Kim, J., Smereka, J.M., Cheung, C., Nepal, S., Grobler, M.: Security and performance considerations in ROS 2: a balancing act. arXiv preprint arXiv:1809.09566v1 (2018)

  10. McClean, J., Stull, C., Farrar, C., Mascareñas, D.: A preliminary cyber-physical security assessment of the robot operating system (ROS). In: Proceedings of SPIE, vol. 8741, pp. 874110–874118. (2013)

  11. Miller, B., Rowe, D.: A survey of SCADA and critical infrastructure incidents. In: Proceedings of the 1st Annual Conference on Research in Information Technology, RIIT ’12, pp. 51–56. ACM, New York, NY, USA. (2012)

  12. Nelson, N.: The impact of dragonfly malware on industrial control systems. Tech. rep, SANS Institute (2016)

    Google Scholar 

  13. OMG: Data Distribution Service (DDS), Version 1.4. (2015)

  14. OMG: Data Distribution Service (DDS) Security Specification, Version 1.1. (2018)

  15. Portugal, D., Santos, M.A., Pereira, S., Couceiro, M.S.: On the security of robotic applications using ROS. In: Artificial Intelligence Safety and Security, pp. 273–289. Chapman and Hall/CRC (2018)

    Google Scholar 

  16. Quigley, M., Conley, K., Gerkey, B., Faust, J., Foote, T., Leibs, J., Wheeler, R., Ng, A.Y.: ROS: an open-source robot operating system. In: ICRA Workshop on Open Source Software. vol. 3, p. 5. Kobe, Japan (2009)

    Google Scholar 

  17. Rodríguez-Lera, F.J., Matellán-Olivera, V., Balsa-Comerón, J., Guerrero-Higueras, M., Fernández-Llamas, C.: Message encryption in robot operating system: collateral effects of hardening mobile robots. Frontiers in ICT 5,  2 (2018).

  18. Vilches, V.M., Gil-Uriarte, E., Ugarte, I.Z., Mendia, G.O., Pisón, R.I., Kirschgens, L.A., Calvo, A.B., Cordero, A.H., Apa, L., Cerrudo, C.: Towards an open standard for assessing the severity of robot security vulnerabilities, the robot vulnerability scoring system (RVSS). arXiv preprint arXiv:1807.10357 (2018)

  19. Vilches, V.M., Kirschgens, L.A., Calvo, A.B., Cordero, A.H., Pisón, R.I., Vilches, D.M., Rosas, A.M., Mendia, G.O., Juan, L.U.S., Ugarte, I.Z., et al.: Introducing the robot security framework (RSF), a standardized methodology to perform security assessments in robotics. arXiv preprint arXiv:1806.04042 (2018)

  20. White, R., Caiazza, G., Christensen, H., Cortesi, A.: SROS1: Using and Developing Secure ROS1 Systems, pp. 373–405. Springer International Publishing, Cham. (2019)

    Google Scholar 

  21. White, R., Christensen, H., Quigley, M.: SROS: Securing ROS over the wire, in the graph, and through the kernel. In: Proceedings of the IEEE-RAS International Conference on Humanoid Robots (HUMANOIDS) (2016)

    Google Scholar 

Download references


The work reported in this article has been supported by the Austrian Ministry for Transport, Innovation and Technology (bmvit) within the project framework Collaborative Robotics and by the programme “ICT of the Future”, managed by the Austrian Research Promotion Agency (FFG), under grant no. 861264.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Bernhard Dieber .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Verify currency and authenticity via CrossMark

Cite this chapter

Dieber, B. et al. (2020). Penetration Testing ROS. In: Koubaa, A. (eds) Robot Operating System (ROS). Studies in Computational Intelligence, vol 831. Springer, Cham.

Download citation