SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
CIOs
#
Industrial
AI & robotics severely lacking in cyber protection, new research finds
Thu, 2nd Mar 2017
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

There are gaping vulnerabilities in business, industrial and home robots, many of which are high or critical risk and wide open to cyber attacks, a new research paper from IOActive has found.

The research, titled “Hacking Robots Before Skynet,” found 50 cybersecurity vulnerabilities across all devices. Those vulnerabilities include everything from insecure communications, authentication issues, weak cryptography, memory corruptions and privacy problems - all across what the company calls a ‘huge attack surface'.

Attackers can use those issues to become an insider threat. They could maliciously spy using the device's microphone and camera, leak personal business data, host malware, or cause severe harm to people and property.

The research also states that because researchers use the same or similar tools and practices worldwide, no additional cybersecurity protection is added. Prototypes and research are also left open to attack.

The research also cites a 2009 study from the University of Washington, which found that robots did not protect security and privacy. Since then, nothing has changed, the authors state.

Cesar Cerrundo, IOActive's CTO and co-author of the research, says AI and robots will become the new norm across the industrial, business and consumer space.

“Given this proliferation, focusing on cybersecurity is vital in ensuring these robots are safe and don't present serious cyber or physical threats to the people and organizations they're intended to serve,” he says.

For the study, researchers tested mobile applications, firmware images and software across on robots across vendors such as Asratech Corp, Rethink Robotics, ROBOTIS, SoftBank Robotics, UBTECH Robotics and Universal Robots.

“We have already begun to see incidents involving malfunctioning robots doing serious damage to their surroundings, from simple property damage to loss of human life, and the situation will only worsen as the industry evolves and robot adoption continues to grow,” Cerrudo says.

The research paper also looks at security precautions that vendors should take, including authentication authorisation, Secure Software Development Life Cycle (SSDLC) encryption, security audits, vulnerability disclosure, education, securing the supply chain, factory restore and others.

“Vendors need to start focusing more on security when speeding the latest innovative robot technologies to market or the issue of malfunctioning robots will certainly be exasperated when malicious actors begin exploiting common security vulnerabilities to add intent to malfunction,” Cerrudo concludes.

IOActive operates globally, with a regional hub in Hong Kong.

Related stories
Half of online traffic in 2024 generated by bots, report finds
Understanding the key to boosting cybersecurity habits: Kaspersky study
Keeper Security launches user-friendly passphrase generator
Axis unveils hybrid cloud platform for adaptable security solutions
Spirent partners with online payments platform to boost cyber defenses
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services