That Cool Robot May Be a Security Risk
By JOHN MARKOFF
Mar 1 2017
SAN FRANCISCO — In the coming age of robotics, many of those autonomous machines will be internet-connected and mobile.
What could possibly go wrong?
Significant security flaws were found in an examination of six home and industrial robots, according to a report to be released Wednesday by IOActive, a computer security consulting firm with headquarters in Seattle. The report notes that only four of the six companies responded to the firm’s alert, and only two said they planned to make patches after being informed of the problems.
The researchers, who described the categories of vulnerabilities they had discovered in the report but not the specific flaws, said their research was simply an early reconnaissance of the field.
“It’s important to note that our testing was not even a deep, extensive security audit, as that would have taken a much larger investment of time and resources,” the authors wrote. “The goal for this work was to gain a high-level sense of how insecure today’s robots are, which we accomplished.”
Despite the general nature of the report, industry specialists warn that if robot makers fail to take a security-first approach, it may haunt them.
“The desire for online commerce brought strong cryptographic algorithms into our daily lives,“ said Joe Britt, the chief executive of Afero, a Los Altos, Calif.-based maker of secure communications systems for the world of so-called embedded computing. “As embedded systems for sensors and robotics flourish in the next wave of computing, failure to apply these proven safeguards is like leaving the locks off of our doors.”
The research underscores the potential security challenges that await the world of mobile robots. Given the popularity of stationary home robotic systems like Amazon’s Echo and Google’s Home personal assistants as well as dozens of other internet-connected devices like doorbells, video cameras and even light bulbs, it appears that consumers are willing to trust that manufacturers are building adequate security into the products.
It is common for manufacturers that do not have good security practices to not know how to deal with vulnerability reports. Most of them probably do not have a procedure in place to handle reports and neither to provide security fixes to customers.
Robots are widely used in manufacturing. But they are largely systems like robot arms that do not have autonomous functions and cannot move around in the environment.