When sci-fi writer Isaac Asimov envisaged a world in which ubiquitous robots had alleviated the need for any human labor, he predicted an immutable set of three laws that would govern their behavior. The first law stated: “A robot will never harm a human being, or by inaction, allow a human being to come to harm.”
Nice idea, Isaac, but in real life? Not so much.
At least, not with existing domestic and industrial robots. They are vulnerable to hacking and remote take-over by attackers who could easily override any safety measures and cause them to harm or even kill people, according to new research.
The kinds of cybersecurity vulnerabilities that the researchers found were depressingly predictable: Insecure communications protocols, authentication issues, weak cryptography, weak default system configurations and vulnerable open-source robot software libraries.
“The main problems we found were with industrial robots, because they are very strong and could potentially cause more physical harm than home or business robots,” said Lucas Apa, of IO Active, one of the researchers who found the vulnerabilities.
Industrial robots have hurt or even killed factory workers before, although there’s no evidence that this was due to hacking.
“A robot is just a machine controlled by a computer,” said Apa, “Once you can access the operating system, you can disable any safety features.” Indeed, he said, many industrial robots came with safety features designed to be switched off on command.
“We found this to be a typical practice,” said Apa, vendors “want to provide their customers with flexibility.”
Even home robots — endowed with much less physical strength and speed — could spy on their owners via their microphones and cameras, start fires by tampering with electrical equipment or even poison family members or pets by mixing toxic substances in with food or drinks.
Domestic robots integrated with smart home automation systems could unlock doors and deactivate alarms, “making them a new best friend to burglars,” states the report. Even unintegrated robots, if they can talk or allow an attacker to talk through speaker, “could tell voice-activated assistants [like Siri or Alexa] to unlock doors and disable home security.”
“In the future, home robots will become stronger and faster,” predicted Apa, making them as potentially dangerous as their factory counterparts. And the number of features will increase — creating a an ever larger attack surface.
“Security is not a market differentiator,” he said, “The manufacturers want to show how clever and agile their robots are, not how secure.”