“Robots are like candy for hackers”
- February 1, 2019
- Posted by: Kerry Tomlinson, Archer News
- Category: Archer News, Cyber Crime, Cyber Crime, Cyberattack, Cyberattack, Hacking, Industrial Control System Security, Posts with image, Ransomware, Robotics, Smart Devices, Vulnerabilities
A team of researchers has created a tool that helps the good guys track down vulnerable robots before the bad guys do.
The tool shows there are plenty of unprotected robots out there, ready to hack.
We’ve come a long way from the slow-learning, pancake-flipping robot of 2010.
Video shows the robot arm dropping cake after cake before finally nailing the landing in his pan.
And what if they had help, if the rise of the machines was powered by the rise of machine hackers who could use them in their own mechanical army?
“We have to make awareness. We have to talk about it, make research and expose the things we are finding,” said Odei Olalde Saez of Alias Robotics in Spain in an interview with Archer News.
Olalde Saez and his colleague, Gorka Olalde Mendia, demonstrate the danger, showing a robot they “captured”.
They found the garbage-sorting industrial bot in a search using their tool, and show us a live feed of the robot’s camera.
“You can see the cameras,” said Olalde Mendia. “You can calibrate them. You can do a lot of things. You have full control of the robot.”
“You are the boss there. So, you could command anything you wanted,” added Olalde Saez.
Someone could do damage, shut down the factory or punch workers nearby, according to the researchers.
“You could say, ‘Hey, move the robot arm 90 degrees, like 90 degrees to the right.’ And, boom, you will hit someone,” said Olalde Mendia.
But they’re the good guys, the researchers said.
They want to raise awareness of what their search tool found: about one hundred vulnerable robots and another 9,000 vulnerable routers that could lead to robots — and trouble.
Researchers at Brown University discovered about 100 exposed research robots online last year.
Why so many security holes?
More and more robots are connecting to the Internet.
But the Alias researchers said some companies making robots — and some companies installing robots — may feel no need to focus on security, since robot hacks are not widespread.
“I think people should be extremely worried about whether or not their tools have been properly secured,” said Rosanna Myers is CEO of Carbon Robotics in California.
Myers’ team is developing Katia, an intelligent arm for factories.
She told Archer News that robots currently have safety standards, so they don’t hurt people, but need security standards as well.
And it may take regulation to get every company to do it right, she added.
“It forces companies to be responsible. It forces them to think about things that maybe aren’t top of mind. aren’t a priority,” Myers said. “That’s one of the other reasons why I think that regulations are important. Because companies, in general, you can’t trust companies to do something they’re not pushed to do.”
Experts say more and more of these machines will join us at home and and at work.
And with them, the danger could grow, in part because we may see robots as friends or pets — not as a tool for attackers.
“What that means is our defenses are down,” Myers said. “We’re not saying, ‘This is machinery and this is potentially a portal for somebody bad to come in and do something that you don’t want.’”
It may be time to shut that portal.
What to Do?
“What should companies do? First of all, try to design robots in a secure way,” Olalde Mendia said.
The Alias researchers say companies making robots should also tell their customers how to protect them.
And customers should follow through.
The researchers’ advice includes:
- Keeping robots separate from the Internet & office IT networks.
- Changing the default password that comes with the machine, since attackers know the default passwords.
- Asking questions — and demanding answers — from robot manufacturers.
Check out robots online and do research before you buy, whether you run a factory or a restaurant, whether you’re doing robot research or just want an automated pal to play with you when you come home.
Right now, we may believe we’re in control of the robot.
But the robot, in the hands of an attacker, could someday control us.
“That’s the nightmare scenario,” said Myers. “Where somebody remotes into your house. They log in. You got a robot moving around and they can actually manipulate that.”
“I think people should be cautious — not afraid,” she added. “And should hold companies accountable.“
The researchers from Alias want people to use their new tool, called “aztarna,” a Basque word meaning foot print.
You can find information about aztarna here.