Robots on the Internet can be Hacked

Study at Brown University exposes the vulnerabilities of the Robot Operating System (ROS), primarily used in research robotics.

Robots on the Internet can be Hacked
Hacking Robots: Easier than previously thought

The digital age has seen us extend our physical selves and include several gadgets and appliances as part of our daily being. As Artificial Intelligence (AI) and Machine Learning (ML) keeps breaking barriers, we deploy more autonomous systems in various frontiers of technology. The past decade has often raised the question of ‘security’ in terms of actively securing such autonomous systems from the hands of hackers. The dominant platform used in research robotics, Robot Operating System (ROS), was recently found to be prone to hacking and controlled remotely – asking some critical questions regarding the future of security in the field of robotics.

Security has been at the forefront of any technological debate since the advent of the internet and computers. Hackers have often penetrated systems controlled by users in the past, and autonomous systems were placed to nullify the occurrence of such intrusion. However, hacking them is only a question of superseding their artificial ‘intelligence’, something that hackers see as a challenge more than anything. Despite its name, the ROS is not an actual operating system (OS), but a framework and set of tools that provide the functionality of an OS on a heterogeneous computer cluster. The framework is used in robotics to work on a peripheral hardware, and its usage is not limited to robots.

Over three different periods from 2017 to 2018, researchers from Brown University ran a worldwide scan to look up hosts running ROS. The scan revealed that 100 systems running ROS, 19 of which were fully functional robots, were exposed to hackers. Acting as white hat hackers themselves, the researchers managed to control these robots remotely. One of the exposed systems was that of Siddhartha Srinivasa, a professor of Computer Science at the University of Washington and a collaborator of the research team. The researchers, with his permission, managed to take control of the robot and use its camera and even make it speak as per their will.

Research showcasing the lack of security in autonomous has been prevalent over the past few years. One such research, led by Positive Technologies, exposed the vulnerabilities of a robotic vacuum cleaner. The researchers managed to successfully turn the vacuum cleaner into a surveillance device. The thought of a robotic vacuum cleaner recording your personal conversations is indeed distressful. Imagine if researchers exposed the vulnerabilities of Amazon’s Alexa, the AI based home assistant that gathers personalized information to give suggestions. Security should be the primary concern for such devices, not only to safeguard personal information but also to restrict their usage for any malicious purposes.

The Brown University research has shown that such ROS could be hacked to control the robots remotely – either to spy on camera feeds or even to send commands to move the robots around. Robots have several uses in today’s society – from acting as an artificial limb to reading brainwaves to move the wheelchair of a handicapped person. If these systems are compromised, they could be used to perform malicious tasks that then gets blamed on the human dependent on them.

The findings are a warning that users’ needs to be mindful of security in an increasingly connected world. “Though a few unsecured robots might not seem like a critical issue, our study has shown that a number of research robots are accessible and controllable from the public Internet,” the research team said. The use of firewalls and Virtual Private Network (VPN) is important as they provide one additional line of defense against remote-control. In the end, the researchers hope that people are more mindful of security while running ROS in their private or government laboratories.