Study Finds Serious Security Concerns with Robots

As a kid, my two favorite television shows were The Flintstones and The Jetsons. While I liked the idea of having a dinosaur as a pet, I knew that was never going to happen. But that stuff in the world of George Jetson – the flying cars, zipping off to Mars for dinner, having a robot maid named Rosie – were how millions of us envisioned our future.

We know the flying cars and Mars dining experiences aren’t quite here yet, but robots are very much a part of our everyday lives. Earlier this year, the Chicago Tribune considered the idea of replacing workplace leadership with artificial intelligence:

It would not require too much for AI to outperform average managers, let alone bad ones. It is as if the automation of drivers would have to outperform a majority of inept drivers, who crash and cause injuries to themselves and others on a regular basis.

On the surface, it would make sense, especially as more of our manufacturing and other tasks are completed by robots. However, there is a problem with the rise of robots and AI that goes beyond taking away jobs from human beings. Robots have security vulnerabilities that could create an untold number of risks. Trend Micro and Polytechnic University of Milan recently looked at how robots can be compromised, stating in a report:

In industrial devices, the impact of a single, simple software vulnerability can already have serious consequences. Depending on the actual setup and security posture of the targeted smart factory, attackers could trigger attacks that could amount to massive financial damage to the company in question or at worst, even affect critical goods. Almost all industry sectors that are critical for a nation are potentially at risk.

A hacked robot arm could be programmed to throw off the dimensions of a vehicle, for example, just enough that it could go undetected on the production line but result in a catastrophic structural problem resulting in accidents. Robots have similar vulnerabilities to other connected devices – passwords either aren’t used or the default passwords are kept in place, making it easier for hackers to gain access; software is outdated or unpatched; or the internet connection itself is unsecure.

The real problem is that these aren’t unique or even new security problems. They are the types of issues that all of us face (or ignore) across industries, across devices. The report said its goal was to find out why security for robots hasn’t improved over the years. The researchers did an impressive job of listing a variety of attack scenarios and where the vulnerabilities are most likely to be found, and yes, it did come up with a list of reasons on why security continues to be a problem – I recommend you take a look at the report because it is comprehensive, but I’ll give you a preview. Human behavior has a role to play in robot security. But robotic security is a very complicated issue, and as Mocana CTO Dean Weber told me in an email comment:

The ease by which attackers can make their way into industrial systems underscores the need to secure devices at their core, by embedding defense in the hardware and firmware used to operate things like robotic arms. There is simply no way, as this report shows, to stop cybercriminals from finding ways into manufacturing plants and other industrial facilities via the Internet. There, are, however, ways to stop intruders from taking control of devices they find.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba