Automated Flaw Detection for Industrial Robot RESTful Service
This program is tentative and subject to change.
As industrial robots become an integral part of Industry 4.0 in the manufacturing sector, their interconnection and interoperability introduce significant security challenges. RESTful Web services have emerged as the preferred method for network communication due to their simplicity and ease of use. However, the effective detection of security flaws in RESTful services for industrial robots still faces three key challenges: high-quality test case generation, high-throughput testing, and anomaly detection. Unlike traditional applications deployed within cloud services, limited computational resources, unique controller states, and unclear API specifications in robots further complicate the resolution of these challenges. Consequently, a large number of security flaws persist in real and deployed devices, with some flaws even posing the risk of physical damage.
To address these challenges, we propose a novel testing technique named RobRest specifically designed for emerging RESTful services in the context of robotic systems. In test case generation, RobRest analyzes description fields extracted from the OpenAPI specification, ensuring the generation of high-quality test cases. During abnormality observation, RobRest combines both cyber and physical space states to identify anomalies in the target service. Additionally, RobRest automatically customizes each testing request to the service, minimizing resource usage within the robot controller and bypassing the quantity restrictions present in the controller. Applying RobRest to industrial robots, we identified a total of 19 system flaws (4 vulnerabilities and 15 bugs), and 2 of them have been assigned CVE IDs. Exploiting them can affect a multitude of industrial robots in the physical world.
Mon 20 Jan. Displayed time zone: Mountain Time (US & Canada)
16:00 - 17:30
16:00 | 30m | Talk | ExpectAll: A BDD Based Approach for Link Failure Resilience in Elastic Optical Networks | VMCAI 2025 | Gustav S. Bruhns (Aalborg University), Martin P. Hansen (Aalborg University), Rasmus Hebsgaard (Aalborg University), Frederik M. W. Hyldgaard (Aalborg University), Jiri Srba (Aalborg University)
16:30 | 30m | Talk | Constructing Trustworthy Smart Contracts | VMCAI 2025
17:00 | 30m | Talk | Automated Flaw Detection for Industrial Robot RESTful Service | VMCAI 2025 | Yuncheng Wang (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, UCAS Beijing, China), Puzhuo Liu (Tsinghua University), Yaowen Zheng (Institute of Information Engineering at Chinese Academy of Sciences), Dongliang Fang (Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Zhiwen Pan (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, UCAS Beijing, China), Shuaizong Si (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, UCAS Beijing, China), Weidong Zhang (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, UCAS Beijing, China), Limin Sun (Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences)