According to the researchers of IOActive, robotic devices which are flooding the IoT market are extremely vulnerable to cyber attacks. In an introductory paper “Hacking Robots before Skynet”, researchers confirmed that connected robotic devices are facing cybersecurity risks such as authentication and privacy.
With regards to the rapid proliferation of robotic devices, the researchers are offering the following statistics-
a.) The global spending on robotics will reach $188 billion USD figure by 2020.
b.) Researchers estimate that the venture capital investments reached $587 million USD in 2015 and will reach $1.9 billion USD in 2016.
c.) When compared to the stats of 2015, Factories and Businesses in the USA added 10% more robotic devices to their work environments in 2016.
Coming to the vulnerabilities which were discovered by the researchers, their analysis is as follows-
A robot mainly consists of physical parts, an operating system, firmware, software and mobile/remote control applications, vendor internet services and cloud services along with a network/s. The authors of the paper claim that the whole ecosystem is presenting a huge attack surface with numerous options for cyber attacks.
As per the study, around 50 cyber security vulnerabilities were found by the researchers while testing robotic devices of various brands. For some, it can look like a substantiate number. But remember, the study carried out by the researchers was not too deep like the one carried out in an extensive security audit.
The following are some of the top cyber security problems discovered by the researchers of the paper-
Insecure communication– As of now, robots connect to the internet through Bluetooth or Wi-Fi. So, the concern is while sending traffic as clear text over wireless. Even if the traffic is being sent in encrypted form, it is either weak or improperly used. Cyber crooks have now the sophistication to read info from clear text or poorly encrypted text. And this is enough to launch cyber attacks.
Authentication Issue- Generally, companies manufacturing robotic devices should only allow authorized personnel to meddle with the commands and programming of robots. But in reality, this is not happening, as manufacturers are allowing anyone to gain remote access to those services without a password.
Missing authorization- Only users who have the authorization to operate should gain access to robotic device’s functionality. But the researchers from IOActive found that most manufacturers of robotic devices are ignoring the basic fact of protecting the device functionality. And this includes critical functions such as the installation of applications in the robots themselves.
Privacy factor- In most cases, the study found that robots are sending private info to remote servers without user consent. This includes mobile network info, device info, and current GPS location. Suppose, all this info falls into the hands of bad guys then they could smartly use the data to exploit the devices for surveillance and tracking and that too without the knowledge of the user.
Weak default configuration- Most manufacturers are offering secure configuration features which cannot be disabled or protected. Some offer default passwords to protect factory settings which are easy to surpass for hackers.
Finally, the researchers concluded if robots ecosystems continue to vulnerable to hacking, robots could do more harm to humankind, instead of helping us.
And this may even spell a doom to entire human kind.
