Vulnerabilities across multiple robots is leaving cyber-security experts scratching their heads, wondering why we are making the same old mistakes again.
IOActive has discovered more than 50 vulnerabilities across multiple robots within the home, business and industrial sectors. A number of these have been classified as being of either high or critical risk. Which leaves a whole bunch of robots at risk of being attacked by hackers, cyber-criminals or nation-state actors. Vulnerabilities have been identified within robots from leading vendors in the robotics sector, including: Rethink Robotics (Baxter and Sawyer robots), ROBOTIS (ROBOTIS OP2 and THORMANG3 robots), SoftBank Robotics (NAO and Pepper robots), UBTECH Robotics (Alpha 1S and Alpha 2 robots) and Universal Robots (UR3, UR5, UR10 robots).
The paper ‘Hacking Robots Before Skynet’ [PDF] was the result of six months intensive testing of mobile applications, robot operating systems, firmware images and miscellaneous software by IOActive researchers Cesar and Lucas. It turns out that Cesar is none other than IOActive chief technology officer Cesar Cerrudo, while Lucas is IOActive senior security consultant Lucas Apa. SC Media took the opportunity to speak to both about their findings.