The ROS2 threat model document mentions that one of the security issues in ROS2.0 is caused by the malicious node(s).
An attacker deploys a malicious node to the robot. This node performs dangerous movements that compromise safety. The node attempts to perform physical or logical damage to the modules.
It is unclear to me why malicious users are able to deploy a node on your robot (a benign user). Is it that the attacker can deceive you to use a repository containing malicious code? Or could the attacker be a collaborator, sharing access to the robot and thereby having the ability to directly deploy any node?
Are there any cases in which multiple users share a robot (or OS, such as Ubuntu) and can all deploy nodes?
Greetings,
The ROS2 threat model document mentions that one of the security issues in ROS2.0 is caused by the malicious node(s).
It is unclear to me why malicious users are able to deploy a node on your robot (a benign user). Is it that the attacker can deceive you to use a repository containing malicious code? Or could the attacker be a collaborator, sharing access to the robot and thereby having the ability to directly deploy any node?
Are there any cases in which multiple users share a robot (or OS, such as Ubuntu) and can all deploy nodes?