Supply Chain Exploitation of Secure ROS 2 Systems: A Proof-of-Concept on Autonomous Platform Compromise via Keystore Exfiltration
Tahmid Hasan Sakib, Yago Romano Martinez, Carter Brady, Syed Rafay Hasan, and Terry N. Guo

TL;DR
This paper demonstrates a supply chain attack on Secure ROS 2 (SROS 2) systems, showing how compromised packages can exfiltrate keystore credentials and enable malicious control of autonomous vehicles, highlighting supply chain vulnerabilities in SROS 2 deployments.
Contribution
The paper provides a novel proof-of-concept attack on SROS 2, exposing supply chain vulnerabilities and demonstrating real-world impact on autonomous vehicle control.
Findings
Keystore credentials can be exfiltrated via DNS using Trojan-infected packages.
Attackers can inject or spoof control and perception messages, affecting vehicle behavior.
The attack applies broadly to DDS-based robotic systems using SROS 2.
Abstract
This paper presents a proof-of-concept supply chain attack against the Secure ROS 2 (SROS 2) framework, demonstrated on a Quanser QCar2 autonomous vehicle platform. A Trojan-infected Debian package modifies core ROS 2 security commands to exfiltrate newly generated keystore credentials via DNS in base64-encoded chunks to an attacker-controlled nameserver. Possession of these credentials enables the attacker to rejoin the SROS 2 network as an authenticated participant and publish spoofed control or perception messages without triggering authentication failures. We evaluate this capability on a secure ROS 2 Humble testbed configured for a four-stop-sign navigation routine using an Intel RealSense camera for perception. Experimental results show that control-topic injections can cause forced braking, sustained high-speed acceleration, and continuous turning loops, while perception-topic…
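
A defender-side sketch of how the exfiltration pattern described in the abstract (base64-encoded chunks carried in DNS queries) can be spotted in resolver logs. This is an added example, not code from the paper; the log tuple format, the thresholds, and the sample queries (reserved example domains and RFC 5737 addresses) are constructed assumptions.

```python
import math
import re
from collections import Counter, defaultdict

# Characters that appear when base64 / base64url text is placed in a DNS label.
B64_LABEL = re.compile(r"^[A-Za-z0-9+/_=-]+$")

def shannon_entropy(s):
    """Bits per character of the label's empirical character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def looks_encoded(label, min_len=24, min_entropy=3.5):
    """Heuristic (assumed thresholds): long, base64 alphabet only, high entropy."""
    return (len(label) >= min_len
            and B64_LABEL.match(label) is not None
            and shannon_entropy(label) >= min_entropy)

def suspect_parents(queries, min_distinct=4):
    """queries: iterable of (client_ip, qname) pairs from a resolver log.

    Groups encoded-looking leftmost labels by (client, parent zone) and returns
    the groups with at least min_distinct different labels, which is the shape
    of chunked data leaving through DNS rather than one odd hostname.
    """
    seen = defaultdict(set)
    for client, qname in queries:
        label, _, parent = qname.rstrip(".").partition(".")
        if parent and looks_encoded(label):
            seen[(client, parent.lower())].add(label)
    return {key: len(labels) for key, labels in seen.items()
            if len(labels) >= min_distinct}

# Constructed sample log: ordinary lookups, one isolated long label, and five
# distinct encoded-looking labels sent by one host to a single parent zone.
SAMPLE_QUERIES = [
    ("192.0.2.10", "www.example.org"),
    ("192.0.2.10", "packages.example.org"),
    ("192.0.2.11", "f0Gsk3JxC8dPy5Hnt7LwQ9mZUa4E2VbR.cdn.example.org"),
    ("192.0.2.10", "k3JxQ9mZt7Lw2VbRy5HnC8dPf0GsUa4E.t.example.net"),
    ("192.0.2.10", "y5HnUa4EQ9mZf0Gsk3Jx2VbRC8dPt7Lw.t.example.net"),
    ("192.0.2.10", "C8dPt7LwUa4Ek3Jxf0Gsy5Hn2VbRQ9mZ.t.example.net"),
    ("192.0.2.10", "2VbRf0Gsy5HnQ9mZUa4Et7Lwk3JxC8dP.t.example.net"),
    ("192.0.2.10", "f0Gsk3JxC8dPy5Hnt7LwQ9mZUa4E2VbR.t.example.net"),
]

if __name__ == "__main__":
    for (client, parent), n in suspect_parents(SAMPLE_QUERIES).items():
        print(f"{client} sent {n} encoded-looking labels under {parent}")
```

On a build or robot host, a hit that coincides with keystore generation is the case worth triaging first, since that is when the abstract says the credentials leave the machine.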
