Robot makers haven’t fixed security flaws, researchers say



Several robot manufacturers were warned earlier this year of vulnerabilities in the security of their products, but most of the problems have yet to be fixed, the researchers who identified them say, according to Reuters.

“In this research, we focused on home, business, and industrial robots, in addition to robot control software used by several robot vendors,” Lucas Apa, one of the researchers behind the report from cybersecurity company IOActive, said back in March. “Given the huge attack surface, we found nearly 50 cybersecurity vulnerabilities in our initial research alone, ranging from insecure communications and authentication issues, to weak cryptography, memory corruption, and privacy problems, just to name a few.”

While sophisticated robots are not yet a visible part of most people’s everyday lives, that is rapidly changing, and robotic systems are already widespread in the manufacturing industry. On the military side, over 100 leaders in the robotics and artificial intelligence fields recently signed a letter calling for a ban on fully autonomous killer robots, even as the U.S. government grapples with the issue. In many ways, the prevalence of security flaws in robots manufactured by the companies identified by IOActive is comparable to the widely reported hackability of the “Internet of Things.” And indeed, it is not only the robots made for killing that pose a potential danger.

“Our research shows proof that even non-military robots could be weaponized to cause harm,” Apa told Reuters.

“We have already begun to see incidents involving malfunctioning robots doing serious damage to their surroundings, from simple property damage to loss of human life, and the situation will only worsen as the industry evolves and robot adoption continues to grow,” Apa’s co-researcher Cesar Cerrudo reportedly said in March. “Vendors need to start focusing more on security when speeding the latest innovative robot technologies to market or the issue of malfunctioning robots will certainly be exasperated when malicious actors begin exploiting common security vulnerabilities to add intent to malfunction.”

Of the six companies IOActive alerted to security vulnerabilities in January — Denmark’s Universal Robots, SoftBank Robotics and Asratec Corp of Japan, U.S.-based Rethink Robotics, China’s Ubtech, and South Korea’s Robotis Inc. — only Rethink Robotics has taken action to address the problems.

“The potential impact to companies, and even countries, could be massive,” Nathan Wenzler, chief security strategist at security consulting firm AsTech, reportedly said of the security flaws Apa and Cerrudo identified, “should an attacker exploit the vulnerability within the applications that control these robots.”

The findings of the IOActive report, “Hacking Robots Before Skynet,” were similar to those of another IT security firm, Trend Micro, which released its own report on “Rogue Robots” in May. According to that report, “increasing the complexity and interconnection of industrial and robotic systems offers a novel attack opportunity with consequences ranging from the simple compromise of controlling machines to impacting the quality or availability of the production chain. This could be motivated by simple economic competition or in a cyberwarfare scenario, attacking factories that manufacture critical goods.”

Even as the robotics industry rapidly advances, the growing consensus seems to be that, at least in terms of securing their systems, robot manufacturers still have a long way to go. In a field such as robotics, where the dangers of compromised security are real and will only get more serious as time goes on, it is worrying that security is apparently not a top priority.


