The software and firmware that bring robots to life are affected by potentially serious vulnerabilities that can allow hackers to remotely take control of the machines, according to an analysis.
Robots are increasingly common in homes, businesses, industrial environments, the military and law enforcement, and healthcare organizations. International Data Corporation (IDC) estimated in January that worldwide spending on robotics and related services will reach $188 billion in 2020.
There have been many cases in past years where people were injured or killed in accidents involving robots, but experts warn that robots could pose a serious threat if they are vulnerable to remote hacker attacks.
Researchers have analyzed home, industrial and business robots from six different vendors: SoftBank Robotics (NAO and Pepper robots), UBTECH Robotics (Alpha 1S and Alpha 2), ROBOTIS (ROBOTIS OP2 and THORMANG3), Universal Robots (UR3, UR5 and UR10), Rethink Robotics (Baxter and Sawyer), and Asratec Corp (V-Sido robot control system).
The researchers did not acquire the actual robots and instead conducted tests on their mobile applications, software and firmware.
Researchers identified nearly 50 vulnerabilities in the tested components, but noted that they did not conduct an in-depth analysis, which suggests that the actual number of weaknesses is likely much higher. The company has only published a paper providing a non-technical description of the vulnerabilities. Technical details will be made available after vendors have had a chance to address the flaws. It has notified all affected vendors.
SoftBank Robotics, one of the affected vendors, said it was going to fix the issues, but gave no further details on when and how it would do so or which issues it would fix. Universal Robots has not said whether it is going to fix the issues.
According to the researchers, the robots they analyzed are affected by various types of vulnerabilities, including problems related to communications, authentication, authorization mechanisms, cryptography, privacy, default configurations, and open source components.
The flaws allow attackers to intercept communications between the robot and the application controlling it, remotely access critical services without a username and password, install malicious software, and extract sensitive information that is not encrypted properly.
Researchers said the vulnerabilities they identified can be exploited to spy via the robot’s camera and microphone, steal personal or business data, and even take control of the machine and cause physical damage or harm.