Security experts are warning of numerous security vulnerabilities in modern robotics systems which could render them susceptible to life-threatening cyber-attacks.
IOActive CTO Cesar Cerrudo and senior security consultant Lucas Apa discovered around 50 bugs in products from six of the biggest robotics manufacturers, including SoftBank Robotics, Robotis and Universal Robots.
Part of the problem is the huge attack surface presented by a modern robotics system, including OS, firmware, software, remote control apps, cloud services, network and the physical unit itself.
Among the problems discovered by the duo were: data communications sent in cleartext; no, or easy-to-bypass, authentication; insufficient authorization to protect key functionality; weak cryptography; weak default configurations; weak open source frameworks and libraries; and non-consensual sharing of personal data.
The report claimed that hackers could exploit any of the above to spy on users via in-built mics/cameras; use the robot as a stepping stone into the corporate network or the owner’s cloud accounts; or even change its behavior in malicious ways.
Rival firms or cyber-criminals looking to extort victim organizations could subvert the operation of bots, for example, and if the robot has access to customer information, that could also be at risk, IOActive warned.
“Robots at home and business haven’t been widely adopted yet but this doesn’t reduce risks, it just means that the targets are fewer,” Cerrudo told Infosecurity.
“Industrial robots are more widely adopted and are the most dangerous ones since they work side by side with people, so there is a genuine and important risk there. The threats are real and possibilities are out there, it’s just a matter of someone deciding to exploit them.”
Apa agreed that robots used in the industrial sector should be prioritized.
“They can carry heavy and sharp objects, move their arms really fast and work in sensitive environments. The physical harm they can cause today is real and not theoretical,” he claimed.
“Other home and business robots don’t have the same strength and power yet, so the most dangerous attack scenarios will be reserved for future releases when their anatomy gets stronger.”