Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Robots: Lots of features, not much security

Taylor Armerding | April 10, 2017
Robots are a growing component of the IoT. And, like most smart devices, they have impressive features but numerous security holes.

While all of those incidents were considered accidents, “similar incidents could be caused by a robot controlled remotely by hackers,” they wrote.

None of which has, apparently, slowed the appetite for robots of both consumers and businesses.

It is still a relatively young industry. Reports by the International Federation of Robotics (IFR) put growth in the hundreds of thousands to millions, not billions. But the annual growth percentages are impressive – in the 25 percent range.

IFR’s 2016-19 forecast for sales of personal and domestic service robots is 42 million. They are used for things like vacuum and floor cleaning, lawn mowing, entertainment and leisure and elderly and handicap assistance.

It also reports that by 2019, more than 1.4 million new industrial robots will be installed in factories around the world, bringing the total to 2.6 million.

That increase of robotic automation in the workplace had former Florida governor and Republican presidential candidate Jeb Bush saying just this past week that people should be “marching in the street,” demanding reform in an “antiquated” education system that isn’t helping students compete for jobs against increasingly sophisticated robots.

A few catastrophic incidents brought on by hackers getting through lax security in robotic systems could change that, of course. There are no reports, yet, of hackers causing injury or death. But, as Cerrudo and Apa point out, the “attack surface” is very broad. They reported finding vulnerabilities in:

  • Microphones and cameras
  • Network connectivity
  • External services interaction
  • Remote control applications
  • Modular extensibility
  • Safety features
  • Main software (firmware)
  • Known operating systems
  • Network advertisement
  • Backups
  • Connection ports

This, they concluded, was in some measure due to most robots using open-source frameworks and libraries. One of the most popular, the Robot Operating System (ROS), “suffers from many known cybersecurity problems, such as cleartext communication, authentication issues and weak authorization schemes.”

While sharing is fine for development and programming, it only works if the software is secure. “Unfortunately this isn’t the case here.”

Indeed, Cerrudo said in an interview that he and Apa didn’t even have to purchase the robots they tested from about a half-dozen manufacturers. “We got access to the different components – mobile applications, firmware, operating systems, software, etc. They were available on the internet to download,” he said, adding that they provide all the functionality for the physical part of the robots.

What will it take to build better security into robots? Experts generally agree that it won’t be done without some major incentives, since the market incentives are to get a product loaded with attractive features to market as quickly as possible.

As Andrew Ostashen, cofounder and principal security engineer at Vulsec, noted that revising features or hardware, “could push out the product delivery date, which could cost million or even billions in missed revenue.”

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.