Robots are are highly vulnerable to hackers so we need to address these issues in advance
Robots are going to be everywhere soon. According to data from research firm IDC, spending on robots and related services is set to double to €178 billion by 2020. That’s a lot of robots.
The question is, are they going to be robots like Johnny 5 from Short Circuit or the T-1000 from The Terminator? According to new research from cyber security firm IOActive, shows that in its current form at least, robots pose more risks to us than benefits.
The research found about 50 cybersecurity flaws across six of the most popular robot manufacturers in use in the world today, many of them lacking even the very basic levels of security such as password and username authentication. The report found flaws that could be used by hackers to maliciously spy via the robot’s microphone and camera, leak personal or business data, and in extreme cases, cause serious physical harm or damage to people and property in the vicinity of a hacked robot.
This is course should come as no surprise to anyone who has been paying even passing attention to the electronics business in recent years. Remember a few months ago which hacked cameras and DVRs brought down large swathes of the internet? That was caused by the fact that most devices which are part of the so-called Internet of Things have little if any security. Now it appears that the same issues are set to impact robotics.
“The industry is starting to go mainstream, but because they haven't been widely adopted yet, maybe consumers don't prioritise security,” senior security consultant with IOActive, Lucas Apa, told Newstalk. “Most of the commercial projects on the market right now, they come from research projects.”
Just as with IoT devices security is a secondary consideration, or in some cases simply not considered at all. The result is that these devices, which are invariably connected to the internet — to make them “smart” — are highly vulnerable to hackers.
Apa’s research, carried out with Cesar Cerrudo, chief technology officer for IOActive Labs, found flaws in robots which are designed to work in the home, in business and in industrial situations.
Among them was Pepper, probably the best known humanoid robot on the market, capable of interacting with humans and whose manufacturers call it “a genuine day-to-day companion, whose number one quality is his ability to perceive emotions.”
Pepper the companion robot being used to assist shoppers in a mall in Chiba, Japan. Image: Shutterstock
Many see the use robots as human companions as a major trend in the coming years, particularly for the care of the elderly. However without the right security, robots like this become a threat rather than an aid.
Cerrudo told Newstalk that one of the ways hackers could leverage robots is by creating ransomware designed just for them, and effectively hold them for ransom until their owners paid up.
Another potential scenario sees a robots — whether in business or home environments — becoming an insider threat, using the array of sensors they all have (cameras, microphones, GPS etc) to gather huge quantities of data on a person or business, feeding it back to the hackers to exploit.
While the almost complete lack of security among the robots tested didn’t come as a surprise to Apa and Cerrudo, what did come as a surprise was the lack of understanding of the problem from the companies building them:
"The only thing we were surprised with, was that the robotic vendors we have reviewed state on their website or marketing material that they have any security mechanism or feature. It is like they ignore security, so that was surprising," Apa said.
All the manufacturers have now been informed of the vulnerabilities in their systems, but “we don't know what they are going to do, whether they are going to fix the issues,” Apa said.
Just like IoT, without public pressure to ensure security is baked into their systems from the beginning, we could be facing a future where robots become mainstream without the protections in place to prevent hackers from easily and quickly compromising them.
“Vendors are not worried about security until they see the problem,” Cerrudo said, adding that this was one of the reasons for carrying out the result. “If we continue adopting insecure robots, then in a short time we will suffer the consequences if the robots are being hacked.”
To date there has been no major, high-profile hacking of a robot which has caused damage or loss of sensitive information, however this is likely because hackers are driven by economics and only put time into attacking areas where they can reap the most benefit. "Cybercriminals try to do the least effort and get the maximum profit, and for that they target technology which is the most widely adopted," Apa said.