The News Today
__
7.22.19
Robots & Machines

It’s Really Easy for Hackers to Take Control of Robots

August 24th 18__Kristin Houser__Filed Under: Robots & Machines
Angel-Kun/Victor Tangermann

NOT CREEPY AT ALL. We’re finding robots in more places in our daily lives, but it’s still pretty weird to hear them speak. And when one utters are “Hello from the hackers,” well, we’re pretty solidly into nightmare territory.

The robot that spoke these words was Herb2, a bot built by researchers at the University of Washington. The people directing the robot to talk? They were clear across the country at Brown University.

The Brown team was using Herb2 to illustrate a point: hacking robots is far too easy.

They published their research on hacking robots on the non-peer-reviewed preprint server arXiv.

HUNTING ROBOTS. To save valuable time and resources, many roboticists like to use something called the Robot Operating System (ROS), an open-source collection of software libraries and tools useful for building robots. Because the ROS platform is fairly widely used and lacks any security features, it was the perfect target for the Brown team’s research.

They used a tool called ZMap to scan the internet for robots running ROS. Their search turned up about 100 internet-connected robots and determined that about 10 percent were actual robots (and not robot simulations). They figured this out through a bit of detective work, looking for identifiers indicating the connected bot had hardware, such as the phrases “camera_info,” “gripper,” and “sound_play.”

When the Brown team came across a vulnerable robot, they simply notified its owners that the bot wasn’t secure — except in the case of Herb2. Instead, they asked the bot’s creators for permission to prove that they could hack it.

Once granted, they instructed the robot to utter its eerie greeting. The paper gets into a lot of technical detail about this, but basically all you need to know is that it wasn’t all that hard.

FAIR WARNING. The ease with which the Brown team took over Herb2 should serve as a wake-up call to roboticists everywhere, but at least some experts worry that it won’t.

“No one’s really thinking about security on these types of things,” computer scientist George Clark told Wired.​ “Everyone’s just putting things out there trying to rush to market, especially in a research type of environment. My worry is how this carries over to a more industrial or consumer market.”

We’re definitely heading toward an era in which robots are far more prevalent. And if we don’t want them suddenly acting as puppets for malicious actors, we’re going to need to pay a lot more attention to their security.

READ MORE: The Serious Security Problem Looming Over Robotics [Wired]

More on hacking: Watch as a World-Renowned Hacker Shows You How It’s Done