Home and factory robots can be hacked to harm humans
Last month, cybersecurity firm IOActive let everyone know that Segway MiniPro hoverboards were vulnerable to hacks and outside control via their Bluetooth connections. Now it has revealed that industrial robots from Universal Robots and consumer models from Softbank Group and UBTech Robotics also have some troubling security flaws that can allow hackers to “modify safety settings, violating applicable safety laws and, consequently, causing physical harm to the robot’s surroundings by moving it arbitrarily,” according to a report published by the company today.
The devices produced by Universal Robots are uncaged industrial robots meant to work with humans. Safety features are put in place to make sure working alongside the robots is safe for humans, but IOActive was able to override those features after hacking into the software. The company told Bloomberg that with these robots, “even running at low speeds, their force is more than sufficient to cause a skull fracture.”
With Softbank’s Pepper and NAO consumer robots, IOActive discovered that hackers can use them to record audio and video and transmit those recordings to an outside server. With UBTech’s Alpha series, information captured by the models wasn’t encrypted, making it pretty easy for someone with the right skills to steal it. And though they’re not as big as the Universal Robot devices, the smaller consumer bots could still cause some harm. Check out the video below to see UBTech’s cute Alpha 2 turn into a screwdriver-wielding, tomato-stabbing maniac.
IOActive informed the companies of the vulnerabilities it uncovered. “We contacted all the vendors in January but sadly there’s little to suggest that the 50-plus vulnerabilities we demonstrated have been fixed,” Lucas Apa, IOActive’s principal security consultant told Bloomberg. “Most vendors were not forthcoming when we contacted them in private, so going public was the only option left available to us.” Universal Robots told Bloomberg that it was aware of the report and that the products “undergo rigorous safety certification.” SoftBank said it had patched the vulnerabilities found by IOActive.
“If we know about these vulnerabilities, chances are that we’re not the only ones,” said Apa. “These are early days for the robotics industry, but as it grows, we want to make sure it has a more secure future.”
Source: IOActive, Bloomberg