Ӱԭ

Robots are stronger, faster, more durable… and hackable

Some of today's best known robots turn out to be easily hijacked, a sign that this burgeoning tech industry must make security a top priority, says Paul Marks
Robots on display
Don’t hack me, I want to be your friend
Yoshikazu Tsuno/Getty

We hear a lot about robots getting smarter as the AI juggernaut rolls on, but less about significant gains in strength and durability thanks to better electric motors and batteries.

That raises risks to people near them should something go wrong, which means it is more vital than ever that these devices, set to share our living and working spaces, remain entirely under our control.

This was brought home to me at the Human Robot Interaction conference in Germany. There, I got to grapple with a peculiar, hyper-flexible type of robot arm that looked, and moved, like an elephant’s trunk.

As I pushed against this pneumatic trunk bot, it gave momentarily before resisting and pushing right back, in an uncannily lifelike, organic way, and with quite some oomph behind it. It was not the kind of strength you’d want to mess with.

Still, it’s harmless, right? Robots only do what we tell them to do, after all? Perhaps not.

Apart from the chance that their controlling AI may go awry, it turns out that robots destined for or already in homes, shopping malls, hotels and workplaces suffer from the same kind of affliction that hit personal computers in the 1980s, the internet in the 1990s and, much more recently, the internet of things.

What ails the robots

That ailment? Critical software vulnerabilities that could allow attackers to hijack them. So say teams of forensic software engineers at two firms researching digital threats, IOActive of Seattle, Washington, and Rapid7 of Boston, Massachusetts.

that well-known robots like the and Nao humanoids from Japanese firm SoftBank, and the Baxter and light industrial droids from Rethink Robotics in Boston, had dozens of vulnerabilities – other robots were affected, too.

Flaws included insecure communications, authentication problems and weak cryptography – and many were common to multiple robots because robot researchers appear to share a lot of software that makes it right through to production models, says IOActive.

Worse, perhaps, the firm’s investigation was only cursory. “Our testing was not even a deep, extensive security audit,” IOActive says.

What might these vulnerabilities mean? That some robots could be hacked and controlled by unseen attackers for their own ends. These individuals could decide where the robot goes, what it does, what it films and what audio it records or transmits. Or they could even disable safety features.

Rapid7, meanwhile, found that a mobile telepresence robot – which looks like an iPad on a slim Segway and might be used in schools, hospitals and conferences – could be too. All the robot-makers identified were said to be fixing or have fixed these problems. Which is good news, but the worry lingers that more might be out there.

IOActive and Rapid7 have actually done the nascent industry a favour. Robotics tends to be steeped in a research ethic at the expense of real world concerns such as safety and security.

As IOActive puts it: “It is common for robots born as research projects to become commercial products with no additional cybersecurity protections.”

For robotics to fulfil its huge potential, public trust will be essential. That means the industry must grapple with security issues now before the robots get to grapple with us.

Paul Marks is a science and technology writer based in London

Topics: Hacking / Robots