Can Robots be Hacked for Corporate Espionage?

IOActive releases report discussing high risk security flaws in several companies’ products.

I think it’s safe to say, we’ve all been paranoid about the rapid advance of robotics technology and have entertained the idea of industrial robots taking away jobs. However, the big thing to be afraid of now may be robots-gone-rogue.

IOActive, a security services firm, recently jumped on the internet soap-box to promote this concerning news in their new report, “Hacking Robots Before Skynet.”

In a recent statement, IOActive discussed vulnerabilities graded as a “high or critical risk,” which could leave robots susceptible to cyberattack. Attackers could manipulate these vulnerabilities for the purpose of corporate espionage or even sabotage.

“Attackers could employ the issues found to maliciously spy via the robot’s microphone and camera, leak personal or business data and in extreme cases, cause serious physical harm or damage to people and property in the vicinity of a hacked robot,” IOActive’s statement read.

The company’s researchers tested mobile apps, robot operating systems, firmware images and other software to identify flaws in robots from vendors including SoftBank Robotics, UBTECH Robotics, ROBOTIS, Universal Robots, Rethink Robotics and Asratec Corp.

“In this research, we focused on home, business and industrial robots, in addition to robot control software used by several robot vendors,” said Lucas Apa, senior security consultant at IOActive.

“Given the huge attack surface, we found nearly 50 cybersecurity vulnerabilities in our initial research alone, ranging from insecure communications and authentication issues, to weak cryptography, memory corruption and privacy problems, just to name a few,” said IOActive.

The listed companies were alerted of discovered vulnerabilities in accordance with responsible disclosure policies. Details of these vulnerabilities may be released to the public after the disclosure process, once the companies have had time to address the findings.

The company’s paper is authored by Apa and IOActive’s CTO, Cesar Cerrudo.

“Robots will soon be everywhere – from toys to personal assistants to manufacturing workers – the list is endless. Given this proliferation, focusing on cybersecurity is vital in ensuring these robots are safe and don’t present serious cyber or physical threats to the people and organizations they’re intended to serve,” Cerrudo said.

The report offers details on these points, while also outlining basic security precautions that should be taken by robotics vendors, including implementing Secure Software Development Life Cycle (SSDLC), encryption, security audits and more.

Cerrudo ends  IOActive’s statement with a warning, saying:

“We have already begun to see incidents involving malfunctioning robots doing serious damage to their surroundings, from simple property damage to loss of human life, and the situation will only worsen as the industry evolves and robot adoption continues to grow. Vendors need to start focusing more on security when speeding the latest innovative robot technologies to market, or the issue of malfunctioning robots will certainly be exacerbated when malicious actors begin exploiting common security vulnerabilities to add intent to malfunction.”

To learn more, visit the IOActive website. To download your own copy of the company’s report, click here.