Although robot assistants can be convenient in the workplace or at home, they can also be dangerous because they are vulnerable to hacking, according to IOActive Inc., a cybersecurity consultancy firm. At the Hack in the Box security conference in Singapore, the firm warned that popular industrial and consumer robots around the world could easily be turned into weapons or devices for spying by a knowledgeable hacker.
The firm looked into the vulnerabilities of industrial robots sold by Universal Robots, and consumer robots Pepper and NAO from Japan’s Softbank Group. The firm also researched the Alpha 1 and Alpha 2 consumer robots from UBTech Robotics, a company based in China. The researchers say that if the cyber attackers are in the same network as the robot, they can compromise the device.
The devices from Universal Robots are designed for an industrial environment, but they’re also designed to work alongside people. The devices are built with key safety features, but IOActive was able to figure out how to turn off these features by remotely hacking the robot’s software, which had no authentication. The software only used integrity checks that could be easily figured out by a hacker. The integrity checks were also only designed to stop a hacker from installing malware updates. The hackers used the “buffer overflow” security vulnerability to access the operating system for the robot’s arms. They were able to overwrite the file that limits how much speed and force the robot’s arms can apply. It is a problem that Universal Robots can be hacked because these machines are powerful enough to harm people since they’re designed for industrial use. These robots have arms that can extend four feet out, and they can lift up to 22 pounds, making them formidable devices if they are hacked.
The researchers found that the robots for consumer use, Pepper and NAO, could be hacked to record both audio and video. The devices can also be hacked to send the secretly recorded data to an external server without the consumer’s knowledge. The NAO robot can also be hacked to conduct physical attacks, like the Universal Robots. Although the NAO robot is not as large or powerful as the Universal Robots, it can still be dangerous to household pets if it’s hacked.
Although not every company is looking to add a robot to their workplace environment, it is clear the companies are relying more and more on advanced devices to get work done. As companies add more IoT devices to their environment, it is imperative that they secure their networks and use Endpoint Security Software to monitor for cyber threats. Below are three tips that CIOs at companies can use to secure all of the devices running on their networks: