Security firm finds rampant vulnerabilities in robots


A leading security services firm has found that multiple home, business and industrial robots are vulnerable to cyberattacks.  The research paper published by IOActive, entitled “Hacking Robots Before Skynet,” identifies an array of vulnerabilities in the systems evaluated including many graded as high or critical risk. Attackers could employ the issues found to maliciously spy via the robot’s microphone and camera, leak personal or business data, and in extreme cases, cause serious physical harm or damage to people and property in the vicinity of a hacked robot.

Authored by IOActive’s Chief Technology Officer, Cesar Cerrudo, and Senior Security Consultant, Lucas Apa, the report is available on the IOActive website.

“There’s no doubt that robots and the application of Artificial Intelligence have become the new norm and the way of the future,” said Cerrudo. “Robots will soon be everywhere – from toys to personal assistants to manufacturing workers – the list is endless. Given this proliferation, focusing on cybersecurity is vital in ensuring these robots are safe and don’t present serious cyber or physical threats to the people and organizations they’re intended to serve.”

During the past six months, IOActive’s researchers tested mobile applications, robot operating systems, firmware images, and other software in order to identify the flaws in several robots from vendors, including: SoftBank Robotics, UBTECH Robotics, ROBOTIS, Universal Robots, Rethink Robotics, and Asratec Corp.

“In this research, we focused on home, business, and industrial robots, in addition to robot control software used by several robot vendors,” said Apa. “Given the huge attack surface, we found nearly 50 cybersecurity vulnerabilities in our initial research alone, ranging from insecure communications and authentication issues, to weak cryptography, memory corruption, and privacy problems, just to name a few.”

According to Cerrudo and Apa, once a vulnerability has been exploited, a hacker could potentially gain control of the robot for cyber espionage, turn a robot into an insider threat, use a robot to expose private information, or cause a robot to perform unwanted actions when interacting with people, business operations, or other robots. In the most extreme cases, robots could be used to cause serious physical damage and harm to people and property.

Retrieve the report from IOActive here: