SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
24 Mar 2017

Robots rife with cybersecurity holes

Robots with inadequate security could be hacked and cause physical harm or be used to spy on unsuspecting owners in the near future.

Researchers at IOActive Labs released a report Wednesday warning that consumer, industrial and service robots in use today have serious security vulnerabilities making them easy targets for hackers or accidental breaches.

In a review of 10 home, business, and industrial robots, IOActive said the risks included insecure communications, authentication issues, weak cryptography and missing authorization. Cesar Cerrudo, CTO of IOActive Labs, said robots suffer from many of the same security shortcomings as IoT, medical devices, smart cars and plush toys. “We found nearly 50 cybersecurity vulnerabilities in the robot ecosystem components, many of which were common problems,” according to the IOActive Labs report. As part of its investigation, IOActive analyzed some robot hardware as well as robot ecosystems. The robots examined included SoftBank Robotics’ NAO and Pepper robots, UBTECH Robotics’ Alpha 1S and Alpha 2 robots and Rethink Robotics’ Baxter and Sawyer robots.

Underlying issues within the robots studied for the report, Cerrudo said, included weak default configurations, a big security problem responsible for privacy breaches and DDoS attacks in other internet-connected devices. “We found robots with insecure features that couldn’t be easily disabled or protected, as well as features with default passwords that were either difficult to change or could not be changed at all,” according to the report.

In a closer examination of the robot ecosystems, IOActive Labs said many of the robot platforms it analyzed use open source frameworks and libraries that suffer from known vulnerabilities such as cleartext communication, authentication issues, and weak authorization schemes. “In the robotics community, it seems common to share software frameworks, libraries, operating systems, etc., for robot development and programming. This isn’t bad if the software is secure; unfortunately, this isn’t the case here,” according to IOActive Labs.

Cerrudo said the threat of robots is unique in that many are semiautonomous and can wander and impact their immediate physical environment. “The threat is limited today, compared to what robots will be capable of in the future,” he said. Robot components such as microphones, cameras, network connectivity, remote control applications and mobility features that help robots navigate physical environments need better security, Cerrudo said.

“A hacked autonomous robot can move around as long as its battery continues to provide power. This allows hackers to control an ‘insider threat’ and steal information or cause harm to nearby objects or people,” according to the report. When asked, Cerrudo could not point to any known cases of a hacked robot causing personal harm or posing a security risk. Nevertheless, he cited several robot-related accidents that he said demonstrate potential risks posed by a hacked robot.

In one case cited by IOActive Labs, a woman was killed in an industrial accident in 2015 in Alabama when an industrial robot restarted abruptly. It cited additional loss-of-life incidents tied to robotic functions within computerized medical and military equipment. “We aren’t aware of any robots that have been hacked. But security of the robots we tested is very poor. Eventually in the future, when robots are more mainstream, we expect cybercriminals will start seeing hacking robots as a way to make money,” said Lucas Apa, senior security consultant with IOActive Labs.

That timeline of mass robot adoption is still a little foggy, according to Apa. According to market research firm IDC, worldwide spending on robots will reach $188 billion by 2020, up from $91.5 billion in 2016. According to IDC, many of those will be consumer, industrial, and service robots for industries such as healthcare and retail.

“The industry doesn’t appear to learn from its mistakes,” Cerrudo said. The same developer pressures that led to cybersecurity missteps in the past are impacting robot development today. “Security still appears to be an afterthought as developers face pressures to introduce new features without sufficient vetting for security and bend over backward to please investors by bringing products to market fast,” he said.

Security needs to be a priority for robots from day one, the report states. “Vendors must ensure that a robot’s default configuration is secure… Vendors should make sure that all of their technology providers implement cybersecurity best practices… And vendors must implement Secure Software Development Life Cycle processes,” according to the report.

Tags: robots, information leaks, surveillance
Source: Threatpost