IOActive today released new research exposing numerous vulnerabilities found in multiple home, business and industrial robots. The vulnerabilities included many graded as high or critical risks.
Attackers could in theory spy through the robot’s microphone and camera, leak data and, in extreme cases, cause serious physical harm or damage to people and property.
According to Cesar Cerrudo, chief technology officer at IOActive, and Lucas Apa, senior security consultant at IOActive, once a vulnerability has been exploited, a hacker could potentially gain control of the robot for cyber-espionage, turn a robot into an insider threat, use a robot to expose private information or cause a robot to perform unwanted actions.
“In this research, we focused on home, business and industrial robots, in addition to robot control software used by several robot vendors. Given the huge attack surface, we found nearly 50 cyber-security vulnerabilities in our initial research alone, ranging from insecure communications and authentication issues, to weak cryptography, memory corruption, and privacy problems, just to name a few,” said Apa.
“We have already begun to see incidents involving malfunctioning robots doing serious damage to their surroundings, from simple property damage to loss of human life, and the situation will only worsen as the industry evolves and robot adoption continues to grow. Vendors need to start focusing more on security when speeding the latest innovative robot technologies to market or the issue of malfunctioning robots will certainly be exasperated when malicious actors begin exploiting common security vulnerabilities to add intent to malfunction,” said Cerrudo.