Security experts IOActive Inc. Warn that industrial and consumer robots possessing a high degree of computerization are extremely vulnerable to hackers.
Experts found serious shortcomings in the safety of industrial robotics models sold by Universal Robots, a division of American technology company Teradyne Inc. IOActive also talks about problems with consumer robots Pepper and NAO, which are produced by the Japanese Softbank Group Corp., and Alpha 1 and Alpha 2, made by Chinese UBTech Robotics.
These vulnerabilities can allow attackers to turn robots into tracking devices, secretly spy on their owners or be used to physically harm people or damage property, researchers report in a report published Tuesday. IOActive employees were able to remotely crack the software that manages the industrial robot from Universal Robots, and disable key security features. This can lead to the fact that the devices will be programmed to harm people around them.
This is especially alarming, they say in IOActive, because these machines are large enough and have enough power that, “even working at low speeds, they can break the skull.”
Pepper robots from SoftBank and NAO, designed for home use, can be used to record audio and video and secretly transfer this data to an external server. IOActive claims that the UBTech Alpha family robots did not encrypt the confidential information they recorded before storing or transferring it, thus opening up the potential for theft of important personal information.
Just like in the case of Universal Robots, homemade robotic toys can also be reprogrammed for physical attacks on people. Of course, they are not as powerful as industrial machines, but they can seriously hurt. Cyber security specialists released a video test, where a hacked robot turns from a cute toy into a madly laughing tomato killer. Of course, the video is comic, but the researchers warn: if such a robot takes a screwdriver and tries to test for strength not vegetables, but, for example, a child or a pet, it will not be laughable.
Universal Robots spokesman Thomas Stansbaugh said the company is aware of the IOActive report. “We are constantly focusing on improving our products and paying attention to issues related to the security of our customers,” he wrote in a statement. “This includes monitoring any potential vulnerability, not just cyber security.” A representative of the vendor said that the company’s products “pass strict safety certification.”
Softbank representative Vincent Samuel also said that the company is aware of the results obtained by IOActive, and all the described vulnerabilities have already been eliminated. UBTech did not respond to requests to comment on the IOActive report.