Robotics developers who already have to deal with security vulnerabilities have to add one more concern: robot ransomware.
A team of researchers from the company IOActive presented a proof of concept with a ransomware attack on two popular company robots: Pepper and NAO, from SoftBank Robotics. Both are programmable and autonomous robots designed to interact with humans. One of IOActive's experts, Lucas Apa, showed that he could take control of a robot and introduce malicious code into its behavior modules through a public Wi-Fi network.
After taking control of the robot in a matter of seconds, a hacker could turn it into a ransomware tool, for example by demanding money in exchange for its recovery, just as this malicious software can hold a computer system or other device connected to the network. .
How to make robots more secure in the face of cyber attacks?
"With our research, we want companies to be aware of the possible threats and to start implementing security at an early stage, because otherwise, it becomes too expensive to solve these problems," says Apa.
In their study, they comment that most robots do not have an easy solution when the software malfunctions.
Industry should make robots more secure against this type of attack, experts commented
"Ironically, during our investigation, our robot started to malfunction." Sending the robot to the United States and dealing with shipping costs and customs handling turned out to be costly, "they clarify." Most companies will probably not want customers to return the robots if they suffer a ransomware attack, "he added. .
The ransomware robot demonstration was created from previous research that the IOActive experts created in 2017, when they discovered almost 50 vulnerabilities in 13 different robots, which included errors that could allow hackers to spy on people through the microphone and the camera of a robot. These defects could also allow someone to cause an industrial robot to cause physical damage.
Examples of ransomware for robots
In the example of ransomware, possible attacks could include service interruptions, use of offensive speech or even display pornographic content on the robot's screen.
An infected robot could also be used as an entry point to access other devices within an internal network, which would allow computer intruders to steal more valuable data from a company.
One of the 'problems' is that the firmware images of many of these robots are available for free on the Internet.
In addition, an attacker would not need to have physical access to the robot to test its attack, since many of these robotics companies offer developers emulators and simulators for the robots. "You do not need a robot to test," said Apa.
Dear friend, you do not appear to be following @wafrica. Follow @wafrica to get a valuable upvote on your quality post!