A mounting list of robot-related accidents has experts questioning whether the devices will be prone to more dangerous malfunctions or even programmed attacks.
Notable mishaps that have been documented include a robotic security guard knocking over a child at a California shopping mall, a demonstration robot smashing a window at a Chinese conference—it caused a bystander to get injured, and 144 deaths in the United States caused by robotic surgery. All this according to security firm IOActive.
+ Also on Network World:How secure are home robots? +
These incidents “clearly demonstrate the serious potential consequences of robot malfunctions,” the consultancy says in a white paper it recently published about existing robot security (PDF).
The firm says it’s only a matter of time before even more serious incidents occur unless action is taken.
And it could get sinister, too.
“Similar incidents could be caused by a robot controlled remotely by attackers,” it says. “We’ve found [existing] robot technology to be insecure in a variety of ways, and that insecurity could pose serious threats to the people, animals and organizations.”
The company’s findings include 50 cybersecurity vulnerabilities discovered in current robotic products, such as unencrypted control communications, authentication problems such as not requiring a valid username and password, and insufficient authorization that could allow hackers to overwrite firmware.
SoftBank Robotics, UBTECH Robotics and ROBOTIS home robots were among the fails IOActive says it discovered. Industrial robots from Universal Robots and Rethink Robotics had problems, as did control software maker Asratec Corp.
The trouble includes “vulnerable open source robot frameworks and libraries,” too.
Nightmare robot scenarios
One of the big problems is the number of sensors at play in current robots. Microphones and cameras, along with network connections and external services, add to vulnerabilities. Remote control, for example, should be secure in order to stop malicious commands getting sent to the robots. Havoc could ensue if robots aren’t secured better, the firm claims.
And it could be dire. In the case of a home robot, the house could be physically damaged if the robot were hacked. And worse “compromised robots could even hurt family members and pets with sudden, unexpected movements,” the company says.
Kitchen fires and poisoned drinks are further scenarios posed by the security firm. “Family members and pets could be in further peril if a hacked robot was able to grab and manipulate sharp objects,” the researchers say.
Less dramatic, but equally problematic, would be robots unlocking doors—allowing the bad guys in. The robot might not even have to perform the physical act; it could simply tell a home automation voice assistant, such as Alexa or Google, to turn off the security system while the property owners are out.
In business, the potential problems are equally alarming: “A hacked robot could be made to use inappropriate language” and deliver wrong orders. It could also physically damage business assets through set fires or pilfer bank card data.
Robots are currently used to assist customers at stores and are increasingly expected to be a part of future healthcare, among other uses.
Security audits, Secure Software Development Life Cycle (SSDLC) processes, encryption and secure default configurations are among the measures robot manufacturers must take, the researchers say.
Industrial-sized robots could be the most trouble of all because of their size, IOActive claims.
“A hacked industrial robot could easily become a lethal weapon,” the company says.