AMRs as a Cyber-Physical Threat

Part One of "Cybersecurity in the Age of Autonomous Mobile Robotics," a white paper by Joe Tenga, Chief Information Officer at Chang Robotics.

Before addressing industry-specific challenges, it’s essential to consider the foundational security risks posed by AMRs. While much of traditional cybersecurity focuses on digital threats, AMRs also introduce significant physical security concerns due to their ability to move autonomously through facilities and interact with secure infrastructure. An AMR can navigate hallways, enter spaces accessible via badges or keycards, and interface with devices like elevators and door controllers – capabilities that blur the line between cyber and physical security.

For example, AMRs often carry secure digital keys or credentials to access restricted elevators or doors as part of their routine. If an internal or external threat actor compromises an AMR, they can use those capabilities to gain unauthorized access to sensitive areas. Additionally, the physical mobility of AMRs introduces risks such as malicious hardware attachments or tampering. Without safeguards such as tamper-proof hardware designs, lockable access panels, regular inspections, and real-time location monitoring, an attacker could exploit an AMR as a moving platform to carry rogue devices into secure areas. In essence, a hacked or hijacked robot becomes a cyber-physical insider, capable of undermining both network defenses and physical barriers.

These dual risks mean organizations must treat AMRs as cyber-physical systems with a b

road threat profile. An incident could have both safety implications (e.g., a robot misrouting in a hospital) and data security impacts (e.g., intercepting confidential information). Recognizing AMRs as potential cyber-physical threats is the first step toward developing a security strategy that addresses both dimensions. Enterprises should enforce strict physical security protocols for AMRs, controlling who can approach or service the robots, in addition to traditional cybersecurity measures. By acknowledging that a robot with network access and wheels can bypass locked doors, security leaders can better anticipate and mitigate these unique risks.

Network Attack Vectors Targeting AMRs

While physical security measures are crucial, they do not eliminate the extensive cyber threats that AMRs face. These robots are not just standalone machines; they are networked computing devices that interface with enterprise systems, making them vulnerable to a range of advanced cyberattacks. Threat actors could exploit an AMR by attaching malicious equipment or manipulating its software, thereby transforming it into a mobile platform for attacks. In effect, a compromised AMR can act as a rogue device, roaming freely within your environment.

Common network-based attack vectors observed in IoT and robotic systems include:

• Rogue Access Points (APs) – A malicious actor could affix a small unauthorized Wi-Fi router or hotspot to an AMR, creating a backdoor wireless network inside the facility. This rogue AP can intercept network traffic as the AMR moves through Wi-Fi coverage zones, especially if any nearby systems use unencrypted or weakly encrypted communications. Sensitive data such as login credentials or operational commands could be captured in transit. By positioning the AMR in areas with high network traffic, attackers could amplify their surveillance. Modern encryption, such as properly configured TLS 1.3, significantly reduces this risk, as intercepted data would be unintelligible. Still, the mere presence of an unauthorized network can violate security policies and be used to trick nearby devices into connecting.

• Network Sniffers – An attacker might equip an AMR with packet sniffing tools to passively capture network data as the robot traverses different departments or floors. This could expose unencrypted information about operations, inventory levels, production schedules, or user credentials. In well-secured environments that enforce encryption on all network segments, the sniffer would see only gibberish. But any unencrypted traffic (or improperly segmented network) would be vulnerable. Organizations must ensure strong encryption and network segregation to prevent mobile eavesdropping.

• Man-in-the-Middle (MitM) Devices – Taking the attack a step further, an adversary could insert a device that actively intercepts and alters communications between the AMR and its control systems. For instance, a MitM attacker could spoof commands or sensor data: redirecting an AMR to the wrong location, causing delays, or injecting false readings into inventory databases. Such manipulation could even induce unsafe behavior or collisions if safety commands are blocked or altered. Employing end-to-end encryption with mutual authentication (e.g., TLS with client and server certificates) thwarts most MitM attacks by ensuring the AMR only accepts commands from authenticated controllers and that data in transit cannot be tampered with undetected.

• Hardware Implants – An incredibly stealthy threat is the insertion of a hardware implant inside the robot. These miniature devices could be embedded during maintenance or concealed as an upgrade component. Once in place, an implant can provide persistent remote access to the AMR’s internals, enabling attackers to monitor data or alter functionality at will. Because implants piggyback on the robot’s legitimate hardware, they often go undetected by everyday software-based security tools. Only physical tamper-proofing measures (e.g., seals, enclosure locks) and regular hands-on inspections can detect these issues promptly. For high-security deployments, organizations might implement randomized inspections of robots’ hardware or use sensors to detect changes in weight or power draw that could indicate a hidden device.

• IoT Exploit Modules – Attackers may target AMRs as part of broader network exploits. For example, a compromised robot could roam within range of other IoT devices or computers and scan for open ports or unpatched vulnerabilities. If an AMR connects (even briefly) to a less secure network segment, it might serve as a bridge for malware to spread into more sensitive systems. Past IoT malware, such as Mirai, demonstrated how vulnerable connected devices can be co-opted into botnets. In an enterprise, an infected AMR could attempt to propagate ransomware or spyware to every system it encounters. Strong network segmentation and rigorous patch management are crucial for containing such threats. Each robot and its communications should be isolated such that even if one AMR is compromised, it cannot freely access other corporate assets.

• Proxy Access Abuse – This often-overlooked risk stems from the legitimate capabilities of AMRs. Many AMRs are authorized to enter secure areas (e.g., badge-restricted floors or locked storage rooms) to perform their duties. An insider threat or clever external attacker could exploit this by piggybacking on the robot’s access permissions. For instance, a malicious employee might load a payload onto an AMR knowing it will be taken into a secure lab, or could remotely instruct a compromised AMR to open doors and let unauthorized personnel through. In one real scenario, researchers demonstrated that vulnerabilities in a hospital delivery robot allowed them to take control of elevators and door systems via the robot, potentially accessing floors that would otherwise require an authorized badge [ivanti.com]. This proxy risk involves using the robot as a Trojan horse to circumvent physical security controls. It highlights why security teams must account for where robots are allowed to go and what they’re allowed to do.

The stakes are high. A successful attack exploiting any of these vectors could result in data breaches, system downtime, or even compromise human safety. Notably, many IoT and robotic attacks often go undetected for long periods. Enterprises should assume that if a device is not explicitly secured, attackers will eventually target it. The dramatic rise in IoT-focused threats in recent years supports this assumption. For example, Gartner analysts predict that by 2025, nearly 45% of organizations worldwide will have experienced attacks on their software supply chains or IoT devices [techtarget.com]. AMRs, as mobile IoT devices with privileged network access, must be treated as high-value assets in threat models.

Mitigating Network Based Threats

To mitigate the above risks, organizations must adopt a layered security approach that integrates both robust cyber defenses and physical safeguards for their AMR fleets. Key strategies include:

• Secure Hardware and Tamper Prevention: Utilize tamper-evident seals, chassis locks, and intrusion sensors on robots to deter and detect unauthorized physical access to their internal components. Regularly inspect AMRs for signs of tampering or unfamiliar devices attached. Staff should be trained to promptly report any unusual occurrences (e.g., a USB stick being plugged into a robot, or an extra antenna being visible on the unit). By increasing the effort required to plant rogue devices, you reduce the window of opportunity for attackers.

• Strong Encryption and Authentication: All communications to and from AMRs should be encrypted using modern protocols (such as TLS 1.3) and authenticated. Implement certificate-based mutual authentication so that the AMR only communicates with trusted servers, and vice versa. This protects against eavesdropping (sniffers) and spoofing (Man-in-the-Middle, MitM) devices by ensuring data in transit remains confidential and unaltered. Additionally, storing sensitive data on the robot (if any) should be minimized, and any stored data should be encrypted at rest.

• Network Segmentation: Treat AMRs as untrusted by default and isolate their network traffic. Place AMR control systems and devices on dedicated VLANs or subnets separate from the core enterprise network. Use firewall rules to strictly limit which systems the AMR can communicate with. For instance, it likely only needs to interact with the fleet management server, not every database in the company. NIST’s guidance for industrial control systems explicitly advocates dividing OT networks into isolated segments with strong access controls [NIST], which also applies here. Proper segmentation ensures that even if an AMR is compromised, the attacker cannot easily pivot to more critical systems.

• Intrusion Detection and Monitoring: Deploy intrusion detection systems (IDS/IPS) and continuous monitoring on the AMR network segments. Monitor for unusual patterns such as an AMR sending traffic to an unknown external IP or large data dumps leaving the AMR network. Advanced monitoring solutions can utilize AI to learn normal AMR behavior and autonomously detect and raise alerts on anomalies (e.g., a robot communicating at odd hours or deviating from normal data volumes) [Darktrace]. Early detection of a rogue device or malware on an AMR can prevent an incident from escalating.

• Access Control and Zero Trust: Implement the Zero Trust principle for all AMR-related systems – every access request should be continuously authenticated and authorized. Use role-based access control (RBAC) to ensure only necessary personnel and systems have credentials to interact with AMRs. For example, an engineer in one facility shouldn’t, by default, have admin access to robots in another location. Enforce multi-factor authentication (MFA) for any human access to AMR management consoles or remote controls. These measures limit opportunities for attackers to misuse stolen credentials or for insiders to abuse privileges.

By combining physical hardening, encrypted communications, network isolation, and vigilant monitoring, organizations can significantly reduce the likelihood and impact of network-based attacks on AMRs. No single control is sufficient on its own – the goal is defense in depth. Just as importantly, incident response plans should specifically cover AMR-related scenarios (for instance, how to shut down or quarantine a compromised robot safely) so that security teams can react quickly if an issue is detected. A swift, coordinated response can make the difference in containing an AMR breach before it spreads to the broader enterprise.

The Threat of Shared Networks

Many organizations deploy AMRs onto shared networks, where robots communicate over the same wireless LAN or internal network as other IoT devices, corporate PCs, or even industrial control systems (ICS). While convenient and cost-effective, using shared infrastructure in this way introduces significant cybersecurity risks. Unlike a segregated network that isolates devices, a shared network broadens the attack surface, making AMRs more susceptible to threats such as unauthorized access, data interception, and lateral movement by attackers.

In industries where AMRs handle sensitive data or interface with critical systems, a shared network means that a breach of one device can quickly affect others. A compromised AMR on a flat network could serve as an entry point for cyber threats, allowing attackers to pivot into more critical systems, disrupt operations, or exfiltrate confidential data. For example, consider a hospital where an AMR is connected to the general hospital’s IT network. If that robot is compromised, an attacker might leverage it to access electronic health record (EHR) databases or medical device networks. Similarly, in a manufacturing plant, a hacked AMR on the plant’s main network could probe and interfere with ICS, potentially halting production or damaging equipment.

Beyond direct cyber threats, shared networks can also introduce reliability challenges. Although most AMRs operate with self-contained instructions and localized decision-making, they may still rely on network communication for reporting, receiving updates, or coordinating with other systems. In scenarios where multiple devices compete for bandwidth, such as high-resolution video streams from security cameras, network congestion can delay non-critical data exchanges or status updates. While this may not directly interrupt the robot’s core functions, it could impair real-time coordination with centralized systems or cloud platforms, potentially leading to inefficient operations or delayed responses to changing conditions. Thus, the predictability and quality of service on a shared network are concerns alongside security.

In summary, while shared networks are commonly the norm, they merge the risks of IT and OT environments, potentially magnifying existing vulnerabilities. An exploit anywhere on the shared medium – whether it’s a vulnerable smart TV in a lobby or a malware-infected laptop – can potentially reach the AMR.

This interconnectedness means that securing AMRs must also involve securing the broader network and managing the interplay of all connected devices. Many high-profile breaches in recent years have originated from less critical devices being used as footholds; an AMR should not become the weakest link that opens the door.

Mitigating Shared Network Risks

Ideally, network segregation is the best practice: keeping AMRs on dedicated networks with tightly controlled gateways. When that isn’t feasible due to cost or operational needs, organizations should implement enhanced security measures to harden the shared environment. Key mitigations include:

• Virtual Network Segmentation (VLANs): Even on a shared physical network, create logical segmentation using VLANs for AMR traffic. For example, all AMRs and their management systems could be on VLAN 50, separated from the corporate office VLAN 10. Configure access control lists so that VLAN 50 only communicates with necessary services (such as the robotics management server on VLAN 51) and nothing else. This limits the blast radius if an AMR is compromised and prevents it from freely communicating with unrelated endpoints.

• Quality of Service (QoS) Policies: Implement QoS to prioritize AMR communications over other traffic. Time-sensitive commands or sensor feeds from robots should not be delayed by bulk data transfers elsewhere on the network. By marking AMR traffic with high priority and reserving bandwidth, you reduce the chance that network congestion will cause robotics operations to lag. This is especially important for real-time or safety-critical AMR functions.

• Lightweight, Efficient Encryption: Ensure that even within the local network, AMR communications are encrypted, but use protocols optimized for speed to minimize latency. Algorithms like AES-128-GCM, which efficiently combine encryption and integrity checking, are commonly used for IoT devices. In higher-security contexts, AES-256-GCM can be deployed, and alternatives such as ChaCha20-Poly1305 can be considered for devices that lack AES hardware acceleration. The goal is never to send data in plain text, even internally. Lightweight encryption protects against an attacker who might already have a foothold on the network and is attempting to sniff or manipulate robot traffic.

• Continuous Network Monitoring: Deploy real-time monitoring that analyzes both the network traffic and the AMR behavior on the shared network. This could be an extension of your intrusion detection system, tuned to look for anomalies in the AMR VLAN. Suspicious signs might include an unknown device trying to communicate with an AMR, an AMR suddenly transmitting large amounts of data to a new server, or repeated failed connection attempts (which could indicate scanning or brute-force attempts). Automated alerts should be set to notify IT staff of these events so they can be investigated immediately.

• Zero Trust Access Controls: Adopt a Zero Trust approach, where each device on the shared network is assumed to be hostile until proven otherwise. Concretely, this means continuously verifying identities and permissions. Utilize network access control (NAC) solutions to authenticate devices when they join the network and to check their compliance posture (e.g., is the AMR running approved firmware?). Implement strict role-based access controls for any systems that interface between the AMR network and other networks, ensuring that even if credentials are stolen, they cannot be used to pivot broadly. Multi-factor authentication should be required for any remote access into the AMR network segment.

By implementing these strategies, organizations can significantly reduce the risks associated with shared network deployments of AMRs. While a fully air-gapped robot network is ideal for security, it may not be practical for all. A well-designed shared network with strong segmentation, traffic management, and vigilant monitoring can still provide a high level of protection for AMR operations. It is about compensating for the additional exposure with tighter controls and more thoughtful oversight. Treat every AMR as a critical endpoint and every other device as a potential threat. You will then design a network environment that enables robots to operate safely and reliably, even in the face of broader connectivity.

This article is Part One of Cybersecurity in the Age of Autonomous Mobile Robotics, a white paper by Joe Tenga, Chief Information Officer at Chang Robotics.

The full paper explores these risks in greater depth and outlines concrete strategies for securing AMR fleets in real-world enterprise environments.