Robot Security Vulnerabilities Pose Serious Threat to Humans

Pepper by SoftBank. Robots could be hacked, says IOActive
A SoftBank's robot, known as Pepper, dressed in a bank uniform, during a news conference in Taipei, Taiwan July 25, 2016. REUTERS/Tyrone Siu

Robots built by leading manufacturers are at “critical risk” of being hacked and posing a serious threat to people and property, according to cybersecurity researchers.

A research paper titled “Hacking Robots Before Skynet,” published by cybersecurity firm IOActive, details how thousands of home, business and industrial robots have security issues that make them susceptible to cyberattack.

“A robot is just a computer with arms and legs or wheels,” Cesar Cerrudo, chief technology officer of IOActive, tells Newsweek. “Therefore the cyber threat is much bigger. Compromised robots can be used to physically damage something or even hurt or kill someone.”

IOActive researchers have previously exposed flaws with self-driving cars, ATMs and major airlines.

The vulnerabilities present in the robots could also allow hackers to maliciously spy on people via the robot’s microphone and camera, as well as leak personal or business data. IOActive began researching the topic in 2016 as robot adoption became more mainstream.

“As robots become more common, so will hacks against them,” Cerrudo says. “We saw it with the rise of smart devices and the Internet of Things (IoT), only this time the threat that robots pose is much bigger.”

The company found around 50 cybersecurity flaws across six of the biggest robotics manufacturers: SoftBank Robotics, UBTECH Robotics, ROBOTIS, Universal Robots, Rethink Robotics and Asratec.

IOActive contacted the six robot vendors to disclose the security vulnerabilities. After receiving the report, SoftBank Robotics and Universal said they would be taking action to better protect their devices from cyberattacks, though did not specify what this would be. Neither SoftBank Robotics nor Universal Robots responded to Newsweek ’s request for comment.

In a statement to Newsweek, IOActive said: “All the vendors named have been notified with the specific details of the vulnerabilities identified in their respective systems in the course of responsible disclosure. As we are still in the disclosure process we are unable to speak to what actions each of the vendors are taking in response to its notifications.”

SoftBank’s “friendly” humanoid robot Pepper is used in retail stores in Japan, Singapore and parts of the U.S. to assist customers, and around 10,000 units have sold since they first went on sale in Japan in 2015. IOActive plans to release precise details of the vulnerabilities in several months, after the robotics firms have had time to patch the problems.

“There is some basic security protections in place, but in general they are very insecure,” Lucas Apa, a senior security consultant at IOActive, tells Newsweek . “One of the main issues is that of authentication. It is possible to access and interact with many of the robots without providing any kind of security credentials.

“As far as we’re aware, no robots have been hacked yet. However, we’ve seen people die or injured due to incidents with industrial or medical robots, so you can see what the potential is.”