SecurityWeek

Robots Vulnerable to Cyberattacks: Researchers

The software and firmware that bring robots to life are affected by potentially serious vulnerabilities that can allow hackers to remotely take control of the machines, according to an analysis conducted by security firm IOActive.

Robots are increasingly common in homes, businesses, industrial environments, the military and law enforcement, and healthcare organizations. International Data Corporation (IDC) estimated in January that worldwide spending on robotics and related services will reach $188 billion in 2020.

There have been many cases in past years where people were injured or killed in accidents involving robots, and experts warn that robots could pose a serious threat if they are vulnerable to remote hacker attacks.

IOActive researchers have analyzed home, industrial and business robots from six different vendors: SoftBank Robotics (NAO and Pepper robots), UBTECH Robotics (Alpha 1S and Alpha 2), ROBOTIS (ROBOTIS OP2 and THORMANG3), Universal Robots (UR3, UR5 and UR10), Rethink Robotics (Baxter and Sawyer), and Asratec Corp (V-Sido robot control system).

The researchers did not acquire the actual robots and instead conducted tests on their mobile applications, software and firmware.

IOActive said it identified nearly 50 vulnerabilities in the tested components, but the security firm noted that it did not conduct an in-depth analysis, which suggests that the actual number of weaknesses is likely much higher.

The company has only published a paper providing a non-technical description of the vulnerabilities. Technical details will be made available after vendors have had a chance to address the flaws.

IOActive told SecurityWeek that it has notified all affected vendors, but only four of them have responded so far: SoftBank Robotics, UBTECH Robotics, Universal Robots and Rethink Robotics.

“Just one, SoftBank Robotics, said they were going to fix the issues but without any further details on when and how they are going to do it and what issues they were going to fix,” said Cesar Cerrudo, IOActive’s CTO and one of the paper’s authors. “Then Universal Robots said that our findings were interesting and that they should do something about it without giving any details. The rest haven’t mentioned if they are going to fix the issues or not.”

Robot vulnerabilities and impact

According to IOActive, the robots it has analyzed are affected by various types of vulnerabilities, including problems related to communications, authentication, authorization mechanisms, cryptography, privacy, default configurations, and open source components.

The flaws allow attackers to intercept communications between the robot and the application controlling it, remotely access critical services without a username and password, install malicious software, and extract sensitive information that is not encrypted properly.

Researchers said the vulnerabilities they identified can be exploited to spy via the robot’s camera and microphone, steal personal or business data, and even take control of the machine and cause physical damage or harm.

“Vendors need to start focusing more on security when speeding the latest innovative robot technologies to market or the issue of malfunctioning robots will certainly be exasperated when malicious actors begin exploiting common security vulnerabilities to add intent to malfunction,” Cerrudo said.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
