Robot makers 'slow to address hacking risks'

Researchers who warned half a dozen robot manufacturers in January about nearly 50 vulnerabilities in their home, business and industrial robots, say only a few of the problems have been addressed.

The researchers, Mr Cesar Cerrudo and Mr Lucas Apa of cyber security firm IOActive, said the vulnerabilities would let hackers spy on users, disable safety features and make robots lurch and move violently.

While they say there are no signs that hackers have exploited the vulnerabilities, the researchers say the fact that the robots were hacked so easily and the manufacturers' lack of response raise questions about allowing robots in homes, offices and factories.

"Our research shows proof that even non-military robots could be weaponised to cause harm," Mr Apa said. "These robots don't use bullets or explosives, but microphones, cameras, arms and legs. The difference is that they will be soon around us and we need to secure them now before it's too late."

Some of the robot manufacturers defended themselves, saying they had fixed some or all of the issues.

His comments come in the wake of a letter signed by more than 100 leading robotic experts urging the United Nations to ban the development of killer military robots, or autonomous weapons.

Mr Apa, a senior security consultant, said of the six manufacturers contacted, only one, Rethink Robotics, said some of the problems had been fixed. But he was not able to confirm that as his team does not have access to that robot.

A spokesman for Rethink Robotics, which makes the Baxter and Sawyer assembly-line robots, said all but two issues - in the education and research versions of its robots - had been fixed.

Mr Apa said a review of updates from the other five manufacturers - Universal Robots of Denmark, SoftBank Robotics and Asratec of Japan, Ubtech of China and Robotis of South Korea - led him to believe none of the issues had been fixed.

Asratec said software released for its robots so far was limited to "hobby-use sample programs", and it believed IOActive was pointing to security vulnerabilities in those. Software it planned to release for commercial use would be different.

Meanwhile, SoftBank Robotics said it had already identified the vulnerabilities and fixed them. Ubtech said it had "fully addressed any concerns raised by IOActive that do not limit our developers from programming" their robots.

Cyber security experts said the robot vulnerabilities were alarming, and cyber criminals could disrupt factories by ransomware attacks, or with robots slowed down or forced to embed flaws in products.

Even at home, danger lurks, said Mr Apa, demonstrating how a 17-inch-tall Alpha 2 robot from Ubtech could be programmed to violently jab a screwdriver.


A version of this article appeared in the print edition of The Straits Times on August 24, 2017, with the headline 'Robot makers 'slow to address hacking risks''. Print Edition | Subscribe