Robots are still an uncommon sight in the home, but most tech analysts project a huge increase in the amount of droids deployed to do tasks in the next ten years. It might not be that long before helper robots, picture C3P0 from Star Wars or a Mr. Handy from Fallout, are handling everything from washing-up liquid to steak knives.
That last part will sound exciting to those that hate housework, but for cybersecurity experts at IOActive, it is a very chilling image. The team has published a research paper documenting the insecurities and vulnerabilities found on most consumer and industry robots.
IOActive looked at robots built by SoftBank Robotics, UBTech, ROBOTIS, Universal Robots, Rethink Robotics, and Asratec Corp. The vendors account for a large segment of the growing robotics market, and most of them show the same vulnerabilities.
The team found almost 50 cybersecurity vulnerabilities across all the robots, many of which overlapped. One of the most common mistakes was a lack of authentication and encryption on communications between a robot’s ecosystem and the vendor.
This meant that some robots could be hacked remotely and the hacker could install faulty software or even take control of the robot. In some cases, robots were sending data to vendor services over the Internet in cleartext, which anyone can view without a login or password.
The lack of authentication was coupled, in some cases, with little to no authorization. This means that once the hacker gains entry to the robot’s ecosystem, they would be able to exert the same control of the robot as the owner or vendor.
Where’s your data?
IOActive also found that robots were sending mobile network, device, and GPS information back to insecure servers, normally without the owner’s consent.
Issues with faulty robots at the moment do not extend to Terminator or Ex Machina murder-bots, but the report already shows a few cases of robot malfunctions ending in disaster. If a hacker were able to take over the controls, there could be even more damage.
The real worry is that as these robotics companies start to add more sophisticated AI, they will continue to forget about security and vulnerabilities, leading to a massive disaster.