Credit: Kārlis Dambrāns
Robots are supposed to do good things for us, not bad things to us.
But there is plenty of evidence that, like the billions of other connected devices that make up the Internet of Things (IoT), the growth of robot technology is coming with loads of features, but not much of a security blanket.
More evidence came in a report on home, business and industrial robots released last month by security research firm IOActive, which found that “most” of them lacked what experts generally call “basic security hygiene.”
Those included the predictable list: Insecure communication channels, critical information sent in cleartext or with weak encryption, no requirement for user names or passwords for some services, weak authentication in others, and a lack of sufficient authorization to protect critical functions such as software installation or updates.
All of which would allow, “anyone to remotely and easily hack the robots, … install software in these robots without permission and gain full control over them.”
Beyond that were privacy problems – mobile applications sending private information to remote servers without user consent, including, “mobile network information, device information and current GPS location. This information could be used for surveillance and tracking purposes,” the report said.
And, as is the case with many IoT “smart” devices, they aren’t smart enough to allow their owners to close some of the security holes.
“We found robots with insecure features that couldn’t be easily disabled or protected, as well as features with default passwords that were either difficult to change or could not be changed at all,” wrote the report’s authors, CTO Cesar Cerrudo and Senior Security Consultant Lucas Apa,
The damage from hacked robots could range from spying to injury to death. Cerrudo and Apa cited statistics from the US Department of Labor, which maintains a list of “robot-related incidents, including several that have resulted in death.”
It was an accident
According to IOActive’s report, “Hacking Robots Before Skynet,” there are no documented cases of people hurt or killed by robots that were attributed to hackers. But the report compiled a brief list of serious incidents that were considered accidents, drawn from US Department of Labor statistics. They include:
- A woman was killed by an industrial robot in 2015 at the Ajin USA plant in Cusseta, Ala., when an industrial robot restarted abruptly.
- A robot security guard at the Stanford Shopping Center in Silicon Valley knocked down a toddler. The child was not seriously hurt.
- A Chinese-made robot at a Shenzhen tech trade fair smashed a glass window and injured a bystander.
- In 2007 a robot cannon malfunction during a shooting exercise killed nine soldiers and seriously injured 14 others.
Sign up for CIO Asia eNewsletters.