Robots Are Security Risks: New Study Reveals

A new study reveals that robots for home, business or industrial use available in the market are highly susceptible to cyber attacks — making them a security risk.

Robots can be hacked remotely and the attacker can use it to satisfy their nefarious purpose. An attacker can use the camera and microphone to spy on individuals or organisations or could route through it to steal personal or business data.

In extreme cases, robots might even cause physical damage if commanded so by the attacker.

Popular movies like the Terminator franchise has already outlined the idea robots going rogue in its five-part movie series and the reasearch paper titled ‘Hacking Robots before Skynet’ by IOActive employees reiterates the possibility.

The researchers focussed on the robot control software used by several leading robot vendors for home, business and industrial robots.

“We have already begun to see incidents involving malfunctioning robots doing serious damage to their surroundings, from simple property damage to loss of human life, and the situation will only worsen as the industry evolves and robot adoption continues to grow,” said Cesar Cerrudo, Chief Technology Officer, IOActive.

Internet-connected robots aren’t being used as widely as of now and the application is limited to research laboratories in a majority of the cases, but with countries introducing robots in medical care as well as to maintain security in public places, their application in the future seems widespread — and inevitable.

“We found nearly 50 cybersecurity vulnerabilities in our initial research alone, ranging from insecure communications and authentication issues to weak cryptography, memory corruption, and privacy problems, just to name a few,” said Lucas Apa, Senior Security Consultant, IOActive.

The researchers pointed out issues with the framework that is being used to programme these robots — namely, ROS which is the most popular one.

Most of the robots tested by the researchers had poor authentication protocol, which means that if an attacker gains entry into the same network as the robot, then modifying the robot’s software and controlling it is child’s play.

“Robots will soon be everywhere — from toys to personal assistants to manufacturing workers — the list is endless. Given this proliferation, focusing on cyber security is vital in ensuring these robots are safe and don’t present serious cyber or physical threats tot he people and organisations they’re intended to serve,” Cerrudo added.

The researchers also found out vulnerabilities with the robot’s operating system’s update software, which can also be hacked and in several cases where the factory reset on the robot is unavailable, once infected, a robot can not be brought back to its original state.

Robots and their tech were sourced from six vendors, which include Asratec Corp, SoftBank Robotics, Universal Robots, UBTECH Robotics, Rethink Robotics and ROBOTIS.

The researchers stated that implementing Secure Software Development Life Cycle (SSDLC), security audits, encryption and upgrading authentication process, among other things, will be helpful in improving the security of robots to avoid them from falling into the wrong hands.