Robots are hackable, but manufacturers are failing to fix the problem – researchers
ROBOTS are not equipped with enough cybersecurity measures to fend off hackers, say researchers from cybersecurity firm IOActive.
They pointed to consumer and industrial robots as some of the most vulnerable to threats.
Researchers Cesar Cerrudo and Lucas Apa said hackers could easily breach the systems of robots to spy on users and disable safety features. Vulnerabilities embedded deep in the robots could also be exploited to give hackers control over the product, resulting in out of control robots that could endanger users and bystanders.
Reuters reported though nearly 50 of these vulnerabilities had been flagged to manufacturers as potential risks as early as January, the industry has been slow to respond and few of the problems have been addressed.
— Forbes (@Forbes) August 22, 2017
“Our research shows proof even non-military robots could be weaponized to cause harm,” Apa said in an interview with Reuters.
“These robots don’t use bullets or explosives, but microphones, cameras, arms and legs. The difference is that they will be soon around us and we need to secure them now before it’s too late.”
These robots, according to Cerrudo and Apa, are part of our everyday lives and proliferate in spaces such as the home, office and factory. Apa pointed out even if a robot was small – such as the 17-inch (43.18 cm) tall Alpha 2 robot from Ubtech which wields a screwdriver – the potential damage it could cause when hacked is significant.
The findings also found issues with the popular Pepper and NAO robots, which are manufactured by Softbank Group, and are in homes all over the world;, as well as the Alpha 1 and Alpha 2 by UBTech Robotics.
“Maybe it’s small and it’s not really going to hurt right now, but the trend is that the robots are going to be more powerful,” he said.
“We tested industrial ones which are really heavy and powerful, and some of the attacks work with them.”
Apa said only one of six contacted manufacturers, Rethink Robotics claimed they had fixed their outstanding problems, though Apa could not confirm it. Rethink, according to Reuters, said all its problems, excluding problems in its education and research robots, had been addressed.
Apa also noted other manufacturers – including Universal Robots of Denmark, Softbank Robotics and Asratec Corp of Japan, Chinese corporation Ubtech, and South Korean Robotis Ltd. – had updates that did not appear to have fixed the system’s existing vulnerabilities.
Apa and Cerrudo’s initial findings were released in January, though they only released specific details this week. One such vulnerability saw a Universal Robot factory hijacked.
Experts said the vulnerabilities of these robots could be used by hackers to disrupt factories through ransomware attacks, as clearly demonstrated by the recent WannaCry attacks which crippled the UK’s National Health Service and the NotPetya virus which disabled operations of a Cadbury factory.
— ABC News (@abcnews) August 21, 2017
“The potential impact to companies, and even countries, could be massive should an attacker exploit the vulnerability within the applications that control these robots,” Nathan Wenzler, chief security strategist at AsTech, a San Francisco-based security consulting company, said to Reuters.
Though the slow uptake by manufacturers has been frustrating, but it’s not surprising, drone manufacturer Kittyhawk.io founder Joshua Ziering told Bloomberg. He pointed to the fact the newness of technology and slow regulatory process would mean technology would likely continue to outpace those who would seek to ensure greater protections for users.
“A new technology bursts on to the market and people fail to secure it,” he is quoted as saying.
Apa and Cerrudo’s findings come hot on the heels of a letter delivered to the UN from 116 leading robotics and artificial intelligence experts – as well as tech maven Elon Musk – which petitions the organization to develop policies with regards to autonomous weapons and “killer robots”. The letter warns of the potential escalation of violence these innovations would produce, and the technological arms war brewing in countries all across the world.
- Adobe’s Achilles heel: How InDesign became a hacker tool and what other options are out there
- Unprecedented data breaches of the last ten years – and their aftermath
- Adobe products continuously targeted for phishing attacks
- Singapore’s AI strategy 2.0 explained
- Can AMD disrupt Nvidia’s AI reign with its latest MI300 chips?