Robot manufacturers in January were warned about nearly 50 vulnerabilities in their home, business and industrial robots, by researchers now say that only a few of the problems have been addressed.
The vulnerabilities would allow hackers to make robots lurch and move violently, putting users and bystanders in danger, to spy on users and disable safety features, said the researchers, Cesar Cerrudo and Lucas Apa of cybersecurity firm IOActive,
Questions about allowing robots in homes, offices and factories were raised by the fact that the robots were hacked so easily and by the manufacturers' lack of response, even while they say that there are no signs that hackers have exploited the vulnerabilities.
"Our research shows proof that even non-military robots could be weaponized to cause harm," Apa said in an interview.
"These robots don't use bullets or explosives, but microphones, cameras, arms and legs. The difference is that they will be soon around us and we need to secure them now before it's too late."
Saying they had fixed some or all of the issues raised, some of the robot manufacturers defended themselves.
With the demand of banning the development of killer military robots, or autonomous weapons, a letter signed by more than 100 leading robotic experts has been sent to the United Nations and Apa's comments come in the wake of that letter.
Out of the six manufacturers contacted, only one, Rethink Robotics, said some of the problems had been fixed, said Apa, a senior security consultant. But because his team does not have access to that particular robot, he had not been able to confirm that, he said.
All but two issues - in the education and research versions of its robots - had been fixed said a spokesman for Rethink Robotics, which makes the Baxter and Sawyer assembly-line robots.
He was inclined to believe that none of the issues he had raised had been fixed by a review of updates from the other five manufacturers - Universal Robots of Denmark, SoftBank Robotics and Asratec Corp of Japan, Ubtech of China, and Robotis Inc of South Korea, he said.
Asratec said that it believed IOActive was pointing to security vulnerabilities in its software because software released for its robots so far was limited to "hobby use sample programs". It said that software it planned to release for commercial use would be different.
It had already identified the vulnerabilities and fixed them, SoftBank Robotics said. Ubtech said it had "fully addressed any concerns raised by IoActive that do not limit our developers from programming" their robots.
There were no comments available from Universal Robots.
Joshua Ziering, founder of Kittyhawk.io, a commercial drone software company said that the slow reaction by the robot industry was not surprising. "A new technology bursts on to the market and people fail to secure it," he said.
Factories could be disrupted by cyber criminals by ransomware attacks, or with robots slowed down or forced to embed flaws in the products they are programmed to build as the the robot vulnerabilities were alarming, said cybersecurity experts.
"The potential impact to companies, and even countries, could be massive," said Nathan Wenzler, chief security strategist at AsTech, a San Francisco-based security consulting company, "should an attacker exploit the vulnerability within the applications that control these robots."
Demonstrating how a 17-inch (43.18 cm) tall Alpha 2 robot from Ubtech could be programmed to violently jab a screwdriver, Apa said that even in the home, danger lurks.
"Maybe it's small and it's not really going to hurt right now, but the trend is that the robots are going to be more powerful," he said. "We tested industrial ones which are really heavy and powerful, and some of the attacks work with them."
(Source:www.reuters.com)
The vulnerabilities would allow hackers to make robots lurch and move violently, putting users and bystanders in danger, to spy on users and disable safety features, said the researchers, Cesar Cerrudo and Lucas Apa of cybersecurity firm IOActive,
Questions about allowing robots in homes, offices and factories were raised by the fact that the robots were hacked so easily and by the manufacturers' lack of response, even while they say that there are no signs that hackers have exploited the vulnerabilities.
"Our research shows proof that even non-military robots could be weaponized to cause harm," Apa said in an interview.
"These robots don't use bullets or explosives, but microphones, cameras, arms and legs. The difference is that they will be soon around us and we need to secure them now before it's too late."
Saying they had fixed some or all of the issues raised, some of the robot manufacturers defended themselves.
With the demand of banning the development of killer military robots, or autonomous weapons, a letter signed by more than 100 leading robotic experts has been sent to the United Nations and Apa's comments come in the wake of that letter.
Out of the six manufacturers contacted, only one, Rethink Robotics, said some of the problems had been fixed, said Apa, a senior security consultant. But because his team does not have access to that particular robot, he had not been able to confirm that, he said.
All but two issues - in the education and research versions of its robots - had been fixed said a spokesman for Rethink Robotics, which makes the Baxter and Sawyer assembly-line robots.
He was inclined to believe that none of the issues he had raised had been fixed by a review of updates from the other five manufacturers - Universal Robots of Denmark, SoftBank Robotics and Asratec Corp of Japan, Ubtech of China, and Robotis Inc of South Korea, he said.
Asratec said that it believed IOActive was pointing to security vulnerabilities in its software because software released for its robots so far was limited to "hobby use sample programs". It said that software it planned to release for commercial use would be different.
It had already identified the vulnerabilities and fixed them, SoftBank Robotics said. Ubtech said it had "fully addressed any concerns raised by IoActive that do not limit our developers from programming" their robots.
There were no comments available from Universal Robots.
Joshua Ziering, founder of Kittyhawk.io, a commercial drone software company said that the slow reaction by the robot industry was not surprising. "A new technology bursts on to the market and people fail to secure it," he said.
Factories could be disrupted by cyber criminals by ransomware attacks, or with robots slowed down or forced to embed flaws in the products they are programmed to build as the the robot vulnerabilities were alarming, said cybersecurity experts.
"The potential impact to companies, and even countries, could be massive," said Nathan Wenzler, chief security strategist at AsTech, a San Francisco-based security consulting company, "should an attacker exploit the vulnerability within the applications that control these robots."
Demonstrating how a 17-inch (43.18 cm) tall Alpha 2 robot from Ubtech could be programmed to violently jab a screwdriver, Apa said that even in the home, danger lurks.
"Maybe it's small and it's not really going to hurt right now, but the trend is that the robots are going to be more powerful," he said. "We tested industrial ones which are really heavy and powerful, and some of the attacks work with them."
(Source:www.reuters.com)
Homepage
Send to a friend
Printable version
Share
