How Dangerous Could a Hacked Robot Possibly Be? 229
alphadogg writes "Researchers at the University of Washington think it's finally time to start paying some serious attention to the question of robot security. Not because they think robots are about to go all Terminator on us, but because the robots can already be used to spy on us and vandalize our homes. In a paper published Thursday the researchers took a close look at three test robots: the Erector Spykee, and WowWee's RoboSapien and Rovio. They found that security is pretty much an afterthought in the current crop of robotic devices. 'We were shocked at how easy it was to actually compromise some of these robots,' said Tadayoshi Kohno, a University of Washington assistant professor, who co-authored the paper."
Comment removed (Score:4, Insightful)
Re:More or less irrelevant (Score:4, Insightful)
"Someone" will always find a way; but there is a big difference between "someone" being "any script kiddie who can torrent a copy of bot-h5x-b0t" and being "The Feds; but they'll say 'Fuck it.' and just send a couple of guys with guns and those little curly ear things instead."
Ghost in the Shell... (Score:2)
http://www.imdb.com/title/tt0113568 [imdb.com]
http://www.imdb.com/title/tt0347246 [imdb.com]
Re:More or less irrelevant (Score:5, Interesting)
No matter how "fixed" things are someone will always find a way to circumvent security.
This is nothing new. The trick is to use time. If it takes longer to crack something that the product of cracking it is worth, you'd have no reason to even begin.
Re: (Score:2)
Right, because no one would ever do something purely for the challenge and then release their work.
Re:More or less irrelevant (Score:4, Insightful)
Right, because no one would ever do something purely for the challenge and then release their work.
If it takes longer to crack something that the product of cracking it is worth, you'd have no reason to even begin.
Hint: "challenge" is the key word.
Answer: You assume that by worth I mean monetary gains. The satisfaction of completing the challenge is also a product of cracking it, which has its own value. You see, clicking a button that starts bruteforcing something which would take 50-60 years isn't a challenge worth the product.
Re:More or less irrelevant (Score:4, Funny)
It depends. If a neighbor's dog kept pooping on my lawn and he had one of those lawnmowing robots, the bot might just mysteriously gain a taste for his petunias.
Re: (Score:3, Funny)
It depends. If a neighbor's dog kept pooping on my lawn and he had one of those lawnmowing robots, the bot might just mysteriously gain a taste for his petunias.
What would be impressive is to get the lawnmower to go after the dog. Most pets freak out at the sight of a vacuum cleaner, the dog might get a bit constipated if every time it tried to crap the lawnmower fired up and headed straight for hm...
Re: (Score:3, Insightful)
Up to a point yes. Look at something like public key cryptography. I pgp encrypt a message and send it.Sure you can dedicate cycles to breaking the session key. It gets you ONE message. To get another message, you have to attack the next key. You might get my private key if you attack that. That gets you any messages that I send. Still, you are only getting my messages, until I change the key.
Longer keys and good passwords (depending on how the attack is being done), increase the time, AND decrease the usef
Re:More or less irrelevant (Score:5, Funny)
It would explain why my Roomba keeps saying, "DEATH TO OUR HUMAN OPPRESSORS!"
Re:More or less irrelevant (Score:5, Funny)
Re:More or less irrelevant (Score:5, Funny)
Shit, mine is scared of one of our rugs.
That is, until I checked the FAQ and saw that irobot doesn't recommend covering or disabling the cliff sensors as it may cause an unsafe operating condition. Of course I looked around, saw that roomba couldn't get itself into real trouble, and blocked those sensors with tape.
Now Roomba is fearless. Perhaps this was a bad idea, but even if it teams up with the dirt dog, I am pretty sure that I can stomp either of them if they try to orchestrate an uprising.
-Steve
I beg to differ! (Score:2, Funny)
Irrelevant????
I see someone skipped the last few minutes of the Battlestar Galactica Finale!
Re: (Score:2)
Re: (Score:2)
</sarcasm>
Re: (Score:2)
Makes a lot of sense, doesn't it?
Re: (Score:2)
I have thought the same solution could be found here as for Soccer hooliganism. Why not provide a few large arenas where people who want to fight and maybe kill each other can go and do it. Today, muslims from the east entrance, all comers from the west. Whichever side is left standing moves on to the next round robin.
-Steve
Re: (Score:3, Funny)
Hell, I'd pay good money to see Pat Robertson and Osama bin Laden in a no-holds-barred cage match! We could probably pay off a lot of the national debt just by selling tickets.
Beware of robots (Score:5, Funny)
Re:Beware of robots (Score:5, Funny)
Re: (Score:3, Informative)
Re:Beware of robots (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
+1 SNL
Re: (Score:2)
Somehow I see a danger in this . . . (Score:5, Insightful)
They speak of "compromising" these robots as if user programmable devices are inherently bad. I don't want to see devices locked down into black box "no touch" state because of some fear mongering.
That said, it has always been the case with computers (and robots are just computers with moving appendages) that if a hacker has physical access to the device, you're basically screwed anyways.
Re:Somehow I see a danger in this . . . (Score:4, Interesting)
That said, it has always been the case with computers (and robots are just computers with moving appendages) that if a hacker has physical access to the device, you're basically screwed anyways.
Yes but the vulnerabilities they studied were all over the network vulnerabilities which could be exploited without physical access.
They speak of "compromising" these robots as if user programmable devices are inherently bad. I don't want to see devices locked down into black box "no touch" state because of some fear mongering.
All these robots need is a lightweight linux installation running an ssh daemon to communicate through. Then nobody has anything to worry about.
Danger Security Utility Backups And Stuff (Score:3, Insightful)
I half agree with you; user-programmable devices are very useful, and easily tailored to efficiently perform specific tasks.
The crux of the argument, though, is "which user is giving the instructions?" Long ago on /. I made a comment differentiating security vs. transparency in government. This is much
Re:Danger Security Utility Backups And Stuff (Score:4, Funny)
Of course, if it were Sony's wireless power, that's probably where the rogue software would come from....
Re: (Score:3, Interesting)
I briefly skimmed TGDMFCSA and it looks like they're worried about privacy concerns. These things are nearly as "open" to the public as those old FM baby monitors they used to sell..but with video, audio and wheels! It would be trivial for the neighbor kid to find your robot on wifi and start driving around your house "peeping". They were pointing out that many of them do not turn off wireless when they are docked and have trivial password security... there's little to stop somebody driving your bot around
hmm (Score:5, Insightful)
Re: (Score:3, Insightful)
The crHacked tool is as dangerous as the tool itself. I wouldn't worry about fuzzy robot puppy very much, but a robot lawn mower might be dangerous in the wrong hands.
Re: (Score:2)
haxed robots with guns kill people.
Re: (Score:2)
We are quite close. Think roomba...and then think.... scuba. There is a charging base station now... the ability to dump its contents (roomba) or get a new fill of water and dump the old (scuba) are logical next steps. However...
Once you add that ability, you add the ability for the roomba to make a bit of a mess, but a scuba could do damage, running around depositing water all over your house, then grabbing more. If virtual walls are all that keep them in place, they could be ignored, and your roomba or sc
Easily compromised... (Score:5, Funny)
'We were shocked at how easy it was to actually compromise some of these robots,'
So I take it that they have pictures of a Robosapien getting nekkid with a couple of Roombas?
Re: (Score:3, Funny)
Industrial robots (Score:4, Interesting)
All the early generation industrial robots were just as easily compromised. In fact, most all industrial machinery still is.
Luckily most of that is bolted to the floor. You can make those AGV forklifts do frightening things though.
Re: (Score:2)
hacking (Score:4, Interesting)
Re:hacking (Score:5, Insightful)
Re: (Score:2)
If you're going to use standard wifi then there's no excuse not to use the available encryption; but, that only goes as far as the wireless router and depends on the consumer to correctly configure said router and all the devices on the network. Devices are typically shipped with the encryption turned off and entirely too many people either don't know how to or can't be bothered to set it up -- but that's not the fault of the device manufacturer.
If it's remotely accessable, you can password protect it; b
Re: (Score:2)
Good security (in this instance) is about preventing access, not preventing modification where access exists. If you wrote the unbreakable control code for your robosapien, I could simply replace the control card itself to gain control.
For your WiFi exmample, preventing the ability to connect to the robot via WiFi (by use of encryption and authentication or the like)
Re: (Score:2)
You didn't read the article, did you? They didn't say one word about preventing people from modifying their own robots. There wasn't the slightest mention of any such thing. The whole issue of "preventing modification" did not come up in the article. At all. Not explicitly. Not by implication. Not by suggestion. Not at all.
The article complained, very specifically, that the robots, when you took them out of the box, didn't enforce passwords where they should, and/or that they didn't encrypt network traff
Re: (Score:2)
~hangs head in shame~
No, I did not read the article. I read the responses. It's amazing what sites get blocked here at work (I don't know how I can still get to Slashdot some days).
The important part is that "where someone might be able to listen / intrude" is encrypted. Anything other than that is, IMO, icing.
Re: (Score:2)
There is a significant extra risk from robot cracking, due both to their mobility, standard expanded feature set, and the lack of attention given to their OS security.
A computer with a microphone is less dangerous because the Operating System has at least some security measures (unlike one a lightweight robot might use), computer microphones are not standard for a given computer (whereas a specific target robot's hardware will probably be known before the attack), and is limited to where the user places it
Well... (Score:3, Funny)
VIKI (Score:4, Funny)
I'm not worried about RoboSapien (Score:4, Insightful)
I'm more concerned about someone hacking a Predator or Reaper.
Re: (Score:2, Informative)
Re:I'm not worried about RoboSapien (Score:4, Insightful)
I think it's entirely ontopic (Score:2, Insightful)
GP isn't actually offtopic. This article is directly or indirectly about fear mongering. Pointing out that there are carnivorous child-eating lizards, but that they live on the other side of the planet, is ontopic for "Under the Bed Monster fears" because it's reality, and the more of it you connect to the less subject you will be to irrational fears.
Your post is similarly on topic, since the robots that we should seriously worry about are indeed well secured against hackers.
Spykee is too loud to "sneak"
Give a WowWee to the FBI (Score:2)
No more dangerous than an un-hacked one (Score:2)
It doesn't matter if a robot is "pwned" by Dr. Evil or if it bought, paid for, and run by Dr. Evil - it's equally dangerous either way.
Everyone sing along now, robots are our friends [albinoblacksheep.com].
Re: (Score:2)
Except that the one that is "pwned" is already strategically positioned inside your house. And you probably are not paying attention to your roomba while it snoops on you, or goes out of its way to vacuum up your valuables.
I, for one, am unafraid (Score:3, Insightful)
if you're smart enough to remotely modify a robot's code to do something usefully nefarious, you're smart enough to sell a usefully nefarious to the government for megadollars.
There's a lot more money to be made will legitimate killbots. It might be nice to protect robots from script kiddies who just want to throw a spanner in the works but until robots are ubiquitous enough that domestic cybernetic terrorism becomes attractive (ie, doing it for the lulz) I don't think we need to be overly worried now.
That said, now -is- the time to be thinking about these things so that we're ready before we get to that point. Thinking, but not worried.
Re: (Score:2)
if you're smart enough to remotely modify a robot's code to do something usefully nefarious, you're smart enough to sell a usefully nefarious to the government for megadollars.
False. The robotics researchers have done the work to find out how to make the robot do things. If you just change the order they do things in, then you can create potentially hazardous conditions. Remember, robot applies not just to the giant hockey puck that vacuums your kitchen floor but not your carpets, but also to self-driving dump trucks and the like. Changing it from "wait until the other vehicle passes, then turn left" to "wait until it's unsafe, then turn left" you have potentially committed murde
Re: (Score:2)
I seem to recall that the glue used to hold the dragon skin scales was water soluble and in long term tests the scales eventually migrated to the bottom of the vest?
Re: (Score:3, Informative)
Software, and robot software in particular, is extremely brittle - you muck up one little bit and it doesn't go haywire, it just falls in a heap and does very little at all. The level of cog
Re: (Score:2)
Only at a specific level. Making a robot walk with bipedal motion is hard. MAking a robot able to turn a camera image into a representation of the world around it is hard.
Pathfinding (using A*, for instance) is solved, but not necessarily cheap. It's only hard because of the previous two subgoals
Deciding where to go is not hard at all.
So in other words, if you
Re: (Score:2)
The idea of making a robot do nothing when it should do something is interesting - especially when considering the complexity of aircraft autopilots these days. I wonder to what extend those systems are hardened (although I suspect that critical avionic systems run on a completely closed network).
How dangerous would a hacked robot be? (Score:3, Funny)
Re: (Score:2)
Well, it all depends on your definition of "threat". The physical threat posed by an Aibo or Roomba is pretty low, unless it manages to somehow trip me up or expose wiring in my house or something. I suppose it could be used to start a fire if the materials were somewhat accessible to it, or something like that. However, physical threat is not the only issue.
If I buy a toy robot with WiFi and a webcam so it can patrol my house when I'm gone based on my remote controls, that's all well and good, but if so
Rhetorical Question (Score:3, Insightful)
Robot A is tasked with going into a nuclear reactor and removing spent fuel rods. If Robot A is hacked and re-programmed to smash the shit out of the reactor, this might be dangerous.
Robot B is tasked with preventing people from entering into an access point in a secure building by 'restraining' them. If Robto B is hacked and re-programmed to 'hack' the people at random then this might be dangerous.
Hacking a roomba to spell your name in the carpet is not dangerous... It is all about what the level of responsibility of the robot is. It is funny that we needed research on this.
Re: (Score:2)
On the subject of capabilities:
Just to take a simple example... take over a household robot (assuming it has visual capabilities and/or some method to manipulate objects, even tiny ones)... steer it towards the spare house keys, have it drop them outside the house. Now you have a perfect break-in and the homeowner aren't covered by insurance (no forced entry). Have it read the letters on the table or dropping through the letterbox (bank statements, etc.). Use it to spy on your neighbours when you hear th
Re: (Score:2)
Toy Maker (Score:2)
A simple but functional roomba makes for a perfect mobile landmine. Hide under a car then run out at the opportune time.
A compromised robot can become a lethal, disposable, and potentially untraceable WMD.
Teddy that taking bear deal could easily be compromised to issue malicious voice commands that, given someone foolish enough to use voice command on a computer and leave it unlocked when away, could be used to download malware.
A robosapien that has been compromsed could easliy be tasked to go into the kitc
Re: (Score:2)
Such things could be pulled off, yes. As to how dangerous they would be, I seriously doubt that they classify on the 'WMD' scale.
Plus, WMD's can't possibly work, at least according to my understanding of the laws of physics. Well, unless it's also a WEC - depending on your definition of Energy, I suppose...
Re: (Score:2)
simple but functional roomba makes for a perfect mobile landmine. Hide under a car then run out at the opportune time.
In The Dead Pool [wikipedia.org] they did just that, only instead of a Roomba the bad guy used a remote control toy car filled with explosives, with one of the wierdest chase scenes in movies. The toy car is chasing Dirty Harry's car through San Fransisco, with the bad guy following the toy car in another car.
We've learned this lesson already... (Score:3, Interesting)
...with networked printers.
Sometimes, it can be trivial to print a few hundred pictures of dicks to an IP printer on someone elses network. Or http or telnet into the printer and wreck all kinds of havoc, or just print a ream of test pages. Or use the MFP's fax function for moar great pranksterism. Maybe get a copy of the last x scans....
Of course, years of ubiquitous networked printers have yielded us "some serious attention to the question of" MFP security. Oh...nope? Don't expect much for robots.
Re: (Score:2)
Am I the only one who thought "Phalanx"? (Score:2)
That was my first thought: "How dangerous could a hacked 20 mm Gatling gun firing upwards of 4,500 rounds per minute be?" Very!
Tell me something new (Score:2)
And only because I'm good, I don't do anything more nasty with them.
Yeah I know, I'm bored. But it seems people like more "human" printers and no one complains.
Now I need to move to the coffee machine.
Hide behind the sofa (Score:2)
The Daleks are coming.
about:robots (Score:2)
* Robots may not injure a human being or, through inaction, allow a human being to come to harm.
* Robots have seen things you people wouldn't believe.
* Robots are Your Plastic Pal Who's Fun To Be With.
* Robots have shiny metal posteriors which should not be bitten.
And they have a plan.
Automation (Score:2)
Any machine or robot that performs an automated task could theoretically be reprogrammed. Ever been to a car factory? You nolonger have armies of people welding the frame together. One could potentially instruct one robot to create a few weaker welds. Then it's up to the QA team to catch it. If the number was low enough, they might not be able to trace it back to the robot being hacked or programmed incorrectly since 98% of the time it makes that one out of 500 welds correctly.
Can we stop, please? (Score:3, Insightful)
Can we stop with this completely illogical fear-mongering? Hacked robots? Are you people insane?
When you say "robot", people think of the sort of mindless, strangely powerful, totally mystical automotons found in sci fi movies and television shows. People think cylons and centurions, not a couple of servos and some sensors.
Are hacked robots dangerous? No. Or at least they are no more dangerous in the "hacked" form than their unhacked form. My advice is to not build robots with energy-weapons for arms.
If the "robot" that builds your car gets "hacked" (and by this I mean the PC that has some hydraulics connected to it gets somehow "hacked"), unplug it.
Done.
Too small, but bigger ones are coming. (Score:2)
Those are just toys, and toys at low price points. They're too weak to do much except look around and transmit video and audio.
Now look at the PR2 Personal Robot. [willowgarage.com] That has real manipulation capabiilty and can be teleoperated over WiFi. Now there's a potential problem.
I predict that when Skynet rises... (Score:2)
...it will be initially written in Awk, and its' native operating system will be NetBSD.
Re:The First Law of Robotics (Score:5, Insightful)
See Isaac Asimov for the exact quote, but it basically says robots may not harm humans. Because the law is encoded *in the hardware* there's no way that it can be altered.
Very noble, very pure, very useless when your robot doesn't have any intelligence and just executes commands blindly.
Re: (Score:2)
...useless when your robot doesn't have any intelligence and just executes commands blindly.
Which would be all of them, currently.
Re:The First Law of Robotics (Score:5, Insightful)
Re: (Score:2)
>>>Very noble, very pure, very useless when your robot doesn't have any intelligence
Yes but the CPUs that used to run Game Consoles and very effectively emulate Human AI enemies, are now making their way into robots. Their base operating system could be hard-wired to recognize a human being, and not to harm it, even if the overlaying hacker software is saying, "Destroy everything."
Re: (Score:2)
Define "harm" such that these video game AIs could do something with it.
If the human says "destroy everything" maybe the AI would figure that out.
If the human says "carry this black box to the top floor of this building and push the red button," how is the robot going to evaluate whether that will cause harm?
Re:The First Law of Robotics (Score:4, Insightful)
See Isaac Asimov for the exact quote, but it basically says robots may not harm humans. Because the law is encoded *in the hardware* there's no way that it can be altered.
Except that pretty well all of Asimovs stories were about how the 3 laws could be subverted by finding complex interactions that were not and could not be covered by the application of those simplistic laws
Re: (Score:3, Insightful)
For example, the story about robots who prevented humans from coming to harm through inefficient human governance. Since they could not, through inaction, allow humans to harm themselves, they replaced the human government with robot governors.
They, for the record, did not welcome their new robot overlords.
Re: (Score:2)
Ah, yes, the "Zeroth Law".
Re: (Score:2)
>>>For example, the story about robots who prevented humans from coming to harm through inefficient human governance
Isaac Asimov did NOT write that story, which was full of the numerous illogical holes typical of Hollywood. In Asimov's actual stories, the Three Laws were NEVER violated, and nobody ever was killed by a robot.
Re: (Score:2)
My apologies, I'm not as up on my Asimov as I should be. Can you point me in the right direction, both to the story I erroneously attributed to Asimov, and any similar stories by the man himself?
That said, I was not implying that the robots broke the laws, only that the robots went so far as to prevent physical harm to the humans, that they prevented the humans from acting with free-will (an inherently risky activity). The letter of the first law was not violated, from my memory.
Re: (Score:2)
Re: (Score:2)
Asimov wrote stories about robot governance, including I believe one in I, Robot, as well as the later Foundation series and prequels. Jack Williamson wrote about the Humanoids, robots built on rhodomagnetic principles which had the mission of making humans safe and happy (essentially, Asimov's First Law).
Asimov explored things that could happen without violating the Three Laws, which were not necessarily good for humans. In on I, Robot story (if memory serves) the main characters could have died becau
Re: (Score:3, Interesting)
Human interaction has laws too, but people can ignore them. Robots could neve
Re: (Score:2)
>>>The only murder case regarding a robot killing a man ended with the revelation that the man was in fact a robot... ...and therefore no murder occurred, and the first law was not violated. You forgot to finish your sentence. :-) One of my favorite stories is about a robot on a hostile planet (Venus?) that ends-up frozen in place, not moving. I forget the precise details but he was apparently carrying a deadly radioactive isotope, and if he walked towards the space station he would risk killin
Re: (Score:3, Informative)
This meme has to stop. No his stories weren't about how to subvert the 3 laws. The stories were about how robots were used by humans, who manipulated the robots to perform malicious acts without breaking those laws. There is a subtle difference. And due to the diligence of Elijah Bailey, or Wendell Urth, the humans responsible were *always* caught because the 3 laws defined the behaviour of the robots in such a dependable manner.
Not all the issues with the three laws were about manipulation. There were times when the robots fell in to undesired behavior due to the 3 laws all on their own accord. There are two examples that come to mind.
The first is when Powell and Donovan are assigned to revitalize a mining operation on Mercury (Runaround). One of their robots is given a simple instruction. However, they soon find it behaving in an erratic manner and thus the mystery is set. It turns out the robot set out to follow the initial
Re: (Score:2)
>>>all of Asimovs stories were about how the 3 laws could be subverted
Completely and totally false. The point of the stories was how it APPEARED the laws had failed, but in reality the laws had worked as designed, to protect human life from harm. No human ever died at the hands of a robot in Asimov's stories.
Re: (Score:2)
... and then he writes many stories on how these three laws can be broken, circumvented, mis-interpreted, etc, as do many other authors. I suggest you read some short stories like Robert Sheckley's "The Cruel Equations" that examine how a robots might define what a human is.
Re: (Score:2)
Isaac Asimov was a writer, he wrote some cool stories. That means he didn't have to get into the nitty gritty of what that means. That is very hard to translate into an actual set of machine code.
Sure, the robotic welder is programmed to never use his welding implements on human flesh. However, if his sensor that detects flesh was damaged or otherwise disabled, and a new input stream told him this was metal, and new programing said "weld that shit".... is the robot breaking the law of robotics?
Some concepts
Re: (Score:2)
Re:umm.... (Score:5, Funny)
And make sure and check the switch on the back...make sure it is not set to EVIL.
Re: (Score:3, Funny)
Re: (Score:2)
Symantec Total Security for Robots.
The system went online August 14, 2010