Story image

Security experts demonstrate that ransomware attacks on robots are possible

13 Mar 18

Researchers at security firm IOActive managed to conduct what might be the world’s first ransomware attack on robots last week – a method that if used in the wild could disrupt the booming robotics market.

The robotics spending market is expected to reach $230.7 billion by 2021 according to IDC, and robots already play a significant part in the industrial manufacturing, automotive and other industries.

IOActive researchers Cesar Cerrudo and Lucas Apa say that ransomware was typically about targeting information in exchange for money in the past, but as the interaction between robots and humans evolve the attack scenarios will also evolve.

“It’s no secret that ransomware attacks have become a preferred method for cybercriminals to get monetary profit by encrypting victim information and requiring a ransom to get the information back,” comments Apa.

The team decided to conduct a proof-of-concept ransomware attack on the commercially-available Petter and NAO robots, both of which use the same operating system and are developed by SoftBank Robotics. The company has sold more than 30,000 robots to date.

They injected custom code into behaviour file classes, which altered the robots’ behaviours to be malicious.

“Possible malicious behavior on an infected robot includes complete interruptions in service, pornographic content on the robot display, the use of curse words, even doing violent movements. The infected robot could also be an entryway into other internal networks at a business, offering backdoor access to hackers and an entry point for layer penetration to steal sensitive data.”

Apa says the results were ‘astonishing’.

“Ransomware attacks could be used against business owners to interrupt their businesses and coerce them into paying ransom to recover their valuable assets. The robots could also malfunction which may take weeks to return them to operational status. Unfortunately, every second a robot is non-operational, businesses and factories are losing lots of money.”

IOActive informed Softbank of its findings in January 2017, however they are not aware of any fix for the problem.

Last year the research duo found approximately 50 vulnerabilities in robots from various vendors. Attackers could potentially use the vulnerabilities to spy via the robot’s microphone and camera, leak data or cause serious harm.

“Even though our proof of concept ransomware impacted SoftBank’s NAO and Pepper robots, the same attack could be possible on almost any vulnerable robot," Apa says.

"Robot vendors should improve security as well as the restore and update mechanisms of their robots to minimise the ransomware threat. If robot vendors don’t act quickly, ransomware attacks on robots could cripple businesses worldwide,” Apa concludes.

Commerce Commission report shows fibre is hot on the heels of copper
The report shows that as of 30 September 2018 there were 668,850 households and businesses connected to fibre, an increase of 45% from 2017.
Mac malware on WatchGuard’s top ten list for first time
The report is based on data from active WatchGuard Firebox unified threat management appliances and covers the major malware campaigns.
Big Bash Boom gives us cricket with power-ups
From the moment you hit play, you know that Big Bash Boom isn’t your usual cricket game. 
Bin 'em: Those bomb threat emails are complete hoaxes
A worldwide spate of spam emails claiming there is a bomb in the recipient’s building is almost certainly a hoax.
The tech that helped the first woman to sail around Australia
Lisa Blair used devices from supplied by Pivotel to aid her in becoming the first woman to circumnavigate Australia non-stop.
Marriott sets up call centres to answer questions on data breach
Marriott has released an update on the breach of the Starwood guest reservation data breach which affected 500 million guests.
How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Hands-on review: The Logitech R500 laser presentation remote
With a clever ergonomic design, you’ll never have to glance at the device, unless you deliberately look to use the built-in laser pointer to emphasise your presentation.