Report: That cool robot might be a security risk
SAN FRANCISCO — In the coming age of robotics, many of those autonomous machines will be internet-connected and mobile. What could possibly go wrong?
Significant security flaws were found in an examination of six home and industrial robots, according to a report released Wednesday by IOActive, a computer security consulting firm with headquarters in Seattle.
The report notes that only four of the six companies responding to the firm’s alert, and only two said they planned to make patches after being informed of the problems.
The researchers, who described the categories of vulnerabilities they had discovered in the report but not the specific flaws, said their research was simply an early reconnaissance of the field.
“It’s important to note that our testing was not even a deep, extensive security audit, as that would have taken a much larger investment of time and resources,” the authors wrote. “The goal for this work was to gain a high-level sense of how insecure today’s robots are, which we accomplished.”
Despite the general nature of the report, industry specialists warn that if robot makers fail to take a security-first approach, it may haunt them.
“The desire for online commerce brought strong cryptographic algorithms into our daily lives,” said Joe Britt, the chief executive of Afero, a Los Altos, Calif.-based maker of secure communications systems for the world of so-called embedded computing. “As embedded systems for sensors and robotics flourish in the next wave of computing, failure to apply these proven safeguards is like leaving the locks off of our doors.”
Given the popularity of stationary home robotic systems like Amazon’s Echo and Google’s Home personal assistants as well as dozens of other internet-connected devices like doorbells, video cameras and even light bulbs, it appears that consumers are willing to trust that manufacturers are building adequate security into the products.
The authors of the new report challenged the robotics industry, saying that not enough attention was being given to well-known security issues that have proved devastating for existing commercial computer networks.
“We call it an internet-of-things with arms and legs and wheels,” said Cesar Cerrudo, chief technology officer of IOActive.
“The report identifies security flaws in a number of robots, including NAO and Pepper home robots made by SoftBank Robotics; and manufacturing robots from Universal Robots and Rethink Robotics, two makers of robot arms that are intended to collaborate with human workers in assembly line applications.
Two of the criticisms leveled by the researchers actually involved “features” added for research and education markets, according to Gil Haylon, a Rethink Robotics spokesman.
He added that other vulnerabilities had been “phased out” in the latest software release for the company’s Baxter and Sawyer robots, which are intended for light assembly operations.
Universal Robots said it was looking into the issue raised by the researchers. The other companies did not immediately respond to requests for comment.