alphadogg writes "Researchers at the University of Washington think it's finally time to start paying some serious attention to the question of robot security. Not because they think robots are about to go all Terminator on us, but because the robots can already be used to spy on us and vandalize our homes. In a paper published Thursday the researchers took a close look at three test robots: the Erector Spykee, and WowWee's RoboSapien and Rovio. They found that security is pretty much an afterthought in the current crop of robotic devices. 'We were shocked at how easy it was to actually compromise some of these robots,' said Tadayoshi Kohno, a University of Washington assistant professor, who co-authored the paper."
I have thought the same solution could be found here as for soccer hooliganism. Why not provide a few large arenas where people who want to fight and maybe kill each other can go and do it. Today, Muslims from the east entrance, all comers from the west. Whichever side is left standing moves on to the next round robin.
Fortunately, my insurance company, Old Glory, can already protect you TODAY from the danger of robots. Robots are everywhere, and they eat old people's medicine for fuel. And when they grab you with their claws, you can't break free... because robots are made of metal, and they are strong.
MBGMorden: They speak of "compromising" these robots as if user programmable devices are inherently bad. I don't want to see devices locked down into black box "no touch" state because of some fear mongering.
I half agree with you; user-programmable devices are very useful, and easily tailored to efficiently perform specific tasks.
The crux of the argument, though, is "which user is giving the instructions?" Long ago on /. I made a comment differentiating security vs. transparency in government. This is much
They want you to play with them and make them do cool things. They don't necessarily want other people to drive up outside your house and use the robots' cameras and microphones to spy on you over WiFi. The problem is that the features that enable the first aren't secured, and therefore they can also be used to do the second.
It always amuses me when people worry about robots going wrong or turning on us, or being used by The Bad Guys of the Week to do us harm. I know a lot of very smart people who are involved in robotics research, and they will tell you that making robots do anything is hard. Making robots do something with surreptitiously poisoned programming would be even harder. Seriously,
if you're smart enough to remotely modify a robot's code to do something usefully nefarious, you're smart enough to sell a usefully nefarious to the government for megadollars.
There's a lot more money to be made with legitimate killbots. It might be nice to protect robots from script kiddies who just want to throw a spanner in the works, but until robots are ubiquitous enough that domestic cybernetic terrorism becomes attractive (i.e., doing it for the lulz) I don't think we need to be overly worried now.
That said, now -is- the time to be thinking about these things so that we're ready before we get to that point. Thinking, but not worried.
I'm going to pull out the Yes-I-make-robots-for-a-living-card here and tell you that both your points are quite untrue. Firstly, hacking robot code is not just a case of saying "Do Y, then do X" - I'm sorry, but it doesn't work that way, especially if you have something like cascading vision systems and sensor fusion.
Software, and robot software in particular, is extremely brittle - you muck up one little bit and it doesn't go haywire, it just falls in a heap and does very little at all. The level of cog
That depends on the size of the robot. I'm thinking a hacked Aibo is not much of a threat. Something the size of the Stay Puft Marshmallow Man... that's a whole different kinda problem.
Did we really need to research this, we know the answer... VERY! Of course, this depends on the robot of course.
Robot A is tasked with going into a nuclear reactor and removing spent fuel rods. If Robot A is hacked and re-programmed to smash the shit out of the reactor, this might be dangerous.
Robot B is tasked with preventing people from entering into an access point in a secure building by 'restraining' them. If Robot B is hacked and re-programmed to 'hack' the people at random then this might be dangerous.
Hacking a roomba to spell your name in the carpet is not dangerous... It is all about what the level of responsibility of the robot is. It is funny that we needed research on this.
Ugh. I feel the need to clarify, before the shouts from the peanut gallery. Yes, some robots have computer vision and are not 'blind', yes some robots can be well programmed and very smart, but that's still not the same thing as a true reasoning intelligence. Robots are only as good as their software and, if their programming has been corrupted, there is nothing you can do to get around that.
This meme has to stop. No, his stories weren't about how to subvert the 3 laws. The stories were about how robots were used by humans, who manipulated the robots to perform malicious acts without breaking those laws. There is a subtle difference. And due to the diligence of Elijah Baley, or Wendell Urth, the humans responsible were *always* caught because the 3 laws defined the behaviour of the robots in such a dependable manner.
Human interaction has laws too, but people can ignore them. Robots could neve
Oh man... how many times I ended up in trouble because the switch was accidentally set to evil. Frankly though, it's the chaotic/lawful switch you really have to watch out for. I once had a robot set to chaotic/evil and when I came home all the windows were broken since it couldn't reach the doorknob, and all the furniture was on fire.
More or less irrelevant (Score:4, Insightful)
No matter how "fixed" things are someone will always find a way to circumvent security.
Re:More or less irrelevant (Score:4, Insightful)
"Someone" will always find a way; but there is a big difference between "someone" being "any script kiddie who can torrent a copy of bot-h5x-b0t" and being "The Feds; but they'll say 'Fuck it.' and just send a couple of guys with guns and those little curly ear things instead."
Re:More or less irrelevant (Score:5, Interesting)
No matter how "fixed" things are someone will always find a way to circumvent security.
This is nothing new. The trick is to use time. If it takes longer to crack something than the product of cracking it is worth, you'd have no reason to even begin.
Re:More or less irrelevant (Score:5, Funny)
It would explain why my Roomba keeps saying, "DEATH TO OUR HUMAN OPPRESSORS!"
Re:More or less irrelevant (Score:5, Funny)
Re:More or less irrelevant (Score:5, Funny)
Shit, mine is scared of one of our rugs.
That is, until I checked the FAQ and saw that iRobot doesn't recommend covering or disabling the cliff sensors as it may cause an unsafe operating condition. Of course I looked around, saw that Roomba couldn't get itself into real trouble, and blocked those sensors with tape.
Now Roomba is fearless. Perhaps this was a bad idea, but even if it teams up with the dirt dog, I am pretty sure that I can stomp either of them if they try to orchestrate an uprising.
-Steve
Re:More or less irrelevant (Score:4, Insightful)
Right, because no one would ever do something purely for the challenge and then release their work.
If it takes longer to crack something than the product of cracking it is worth, you'd have no reason to even begin.
Hint: "challenge" is the key word.
Answer: You assume that by worth I mean monetary gains. The satisfaction of completing the challenge is also a product of cracking it, which has its own value. You see, clicking a button that starts bruteforcing something which would take 50-60 years isn't a challenge worth the product.
Re:More or less irrelevant (Score:4, Funny)
It depends. If a neighbor's dog kept pooping on my lawn and he had one of those lawnmowing robots, the bot might just mysteriously gain a taste for his petunias.
Re: (Score:3, Funny)
It depends. If a neighbor's dog kept pooping on my lawn and he had one of those lawnmowing robots, the bot might just mysteriously gain a taste for his petunias.
What would be impressive is to get the lawnmower to go after the dog. Most pets freak out at the sight of a vacuum cleaner; the dog might get a bit constipated if every time it tried to crap the lawnmower fired up and headed straight for him...
Re: (Score:3, Insightful)
Up to a point yes. Look at something like public key cryptography. I PGP encrypt a message and send it. Sure you can dedicate cycles to breaking the session key. It gets you ONE message. To get another message, you have to attack the next key. You might get my private key if you attack that. That gets you any messages that I send. Still, you are only getting my messages, until I change the key.
Longer keys and good passwords (depending on how the attack is being done), increase the time, AND decrease the usef
I beg to differ! (Score:2, Funny)
Irrelevant????
I see someone skipped the last few minutes of the Battlestar Galactica Finale!
Re: (Score:2)
Re: (Score:3, Funny)
Hell, I'd pay good money to see Pat Robertson and Osama bin Laden in a no-holds-barred cage match! We could probably pay off a lot of the national debt just by selling tickets.
Beware of robots (Score:5, Funny)
Re:Beware of robots (Score:5, Funny)
Re: (Score:3, Informative)
Re:Beware of robots (Score:4, Insightful)
Somehow I see a danger in this . . . (Score:5, Insightful)
They speak of "compromising" these robots as if user programmable devices are inherently bad. I don't want to see devices locked down into black box "no touch" state because of some fear mongering.
That said, it has always been the case with computers (and robots are just computers with moving appendages) that if a hacker has physical access to the device, you're basically screwed anyways.
Re:Somehow I see a danger in this . . . (Score:4, Interesting)
That said, it has always been the case with computers (and robots are just computers with moving appendages) that if a hacker has physical access to the device, you're basically screwed anyways.
Yes, but the vulnerabilities they studied were all over-the-network vulnerabilities, which could be exploited without physical access.
They speak of "compromising" these robots as if user programmable devices are inherently bad. I don't want to see devices locked down into black box "no touch" state because of some fear mongering.
All these robots need is a lightweight Linux installation running an ssh daemon to communicate through. Then nobody has anything to worry about.
Danger Security Utility Backups And Stuff (Score:3, Insightful)
I half agree with you; user-programmable devices are very useful, and easily tailored to efficiently perform specific tasks.
The crux of the argument, though, is "which user is giving the instructions?" Long ago on /. I made a comment differentiating security vs. transparency in government. This is much
Re:Danger Security Utility Backups And Stuff (Score:4, Funny)
Of course, if it were Sony's wireless power, that's probably where the rogue software would come from....
Re: (Score:3, Interesting)
I briefly skimmed TGDMFCSA and it looks like they're worried about privacy concerns. These things are nearly as "open" to the public as those old FM baby monitors they used to sell... but with video, audio and wheels! It would be trivial for the neighbor kid to find your robot on wifi and start driving around your house "peeping". They were pointing out that many of them do not turn off wireless when they are docked and have trivial password security... there's little to stop somebody driving your bot around
hmm (Score:5, Insightful)
Re: (Score:3, Insightful)
The crHacked tool is as dangerous as the tool itself. I wouldn't worry about fuzzy robot puppy very much, but a robot lawn mower might be dangerous in the wrong hands.
Easily compromised... (Score:5, Funny)
'We were shocked at how easy it was to actually compromise some of these robots,'
So I take it that they have pictures of a Robosapien getting nekkid with a couple of Roombas?
Re: (Score:3, Funny)
Industrial robots (Score:4, Interesting)
All the early generation industrial robots were just as easily compromised. In fact, most all industrial machinery still is.
Luckily most of that is bolted to the floor. You can make those AGV forklifts do frightening things though.
hacking (Score:4, Interesting)
Re:hacking (Score:5, Insightful)
Well... (Score:3, Funny)
VIKI (Score:4, Funny)
I'm not worried about RoboSapien (Score:4, Insightful)
I'm more concerned about someone hacking a Predator or Reaper.
Re:I'm not worried about RoboSapien (Score:4, Insightful)
Give a WowWee to the FBI (Score:2)
No more dangerous than an un-hacked one (Score:2)
It doesn't matter if a robot is "pwned" by Dr. Evil or if it is bought, paid for, and run by Dr. Evil - it's equally dangerous either way.
Everyone sing along now, robots are our friends [albinoblacksheep.com].
I, for one, am unafraid (Score:3, Insightful)
if you're smart enough to remotely modify a robot's code to do something usefully nefarious, you're smart enough to sell a usefully nefarious to the government for megadollars.
There's a lot more money to be made with legitimate killbots. It might be nice to protect robots from script kiddies who just want to throw a spanner in the works, but until robots are ubiquitous enough that domestic cybernetic terrorism becomes attractive (i.e., doing it for the lulz) I don't think we need to be overly worried now.
That said, now -is- the time to be thinking about these things so that we're ready before we get to that point. Thinking, but not worried.
Re: (Score:3, Informative)
Software, and robot software in particular, is extremely brittle - you muck up one little bit and it doesn't go haywire, it just falls in a heap and does very little at all. The level of cog
How dangerous would a hacked robot be? (Score:3, Funny)
Rhetorical Question (Score:3, Insightful)
Robot A is tasked with going into a nuclear reactor and removing spent fuel rods. If Robot A is hacked and re-programmed to smash the shit out of the reactor, this might be dangerous.
Robot B is tasked with preventing people from entering into an access point in a secure building by 'restraining' them. If Robot B is hacked and re-programmed to 'hack' the people at random then this might be dangerous.
Hacking a roomba to spell your name in the carpet is not dangerous... It is all about what the level of responsibility of the robot is. It is funny that we needed research on this.
We've learned this lesson already... (Score:3, Interesting)
...with networked printers.
Sometimes, it can be trivial to print a few hundred pictures of dicks to an IP printer on someone else's network. Or http or telnet into the printer and wreak all kinds of havoc, or just print a ream of test pages. Or use the MFP's fax function for moar great pranksterism. Maybe get a copy of the last x scans....
Of course, years of ubiquitous networked printers have yielded us "some serious attention to the question of" MFP security. Oh...nope? Don't expect much for robots.
Can we stop, please? (Score:3, Insightful)
Can we stop with this completely illogical fear-mongering? Hacked robots? Are you people insane?
When you say "robot", people think of the sort of mindless, strangely powerful, totally mystical automatons found in sci-fi movies and television shows. People think cylons and centurions, not a couple of servos and some sensors.
Are hacked robots dangerous? No. Or at least they are no more dangerous in the "hacked" form than their unhacked form. My advice is to not build robots with energy-weapons for arms.
If the "robot" that builds your car gets "hacked" (and by this I mean the PC that has some hydraulics connected to it gets somehow "hacked"), unplug it.
Done.
Re:The First Law of Robotics (Score:5, Insightful)
See Isaac Asimov for the exact quote, but it basically says robots may not harm humans. Because the law is encoded *in the hardware* there's no way that it can be altered.
Very noble, very pure, very useless when your robot doesn't have any intelligence and just executes commands blindly.
Re: (Score:2)
...useless when your robot doesn't have any intelligence and just executes commands blindly.
Which would be all of them, currently.
Re:The First Law of Robotics (Score:5, Insightful)
Re:The First Law of Robotics (Score:4, Insightful)
See Isaac Asimov for the exact quote, but it basically says robots may not harm humans. Because the law is encoded *in the hardware* there's no way that it can be altered.
Except that pretty well all of Asimov's stories were about how the 3 laws could be subverted by finding complex interactions that were not and could not be covered by the application of those simplistic laws.
Re: (Score:3, Insightful)
For example, the story about robots who prevented humans from coming to harm through inefficient human governance. Since they could not, through inaction, allow humans to harm themselves, they replaced the human government with robot governors.
They, for the record, did not welcome their new robot overlords.
Re: (Score:3, Interesting)
Human interaction has laws too, but people can ignore them. Robots could neve
Re: (Score:3, Informative)
This meme has to stop. No, his stories weren't about how to subvert the 3 laws. The stories were about how robots were used by humans, who manipulated the robots to perform malicious acts without breaking those laws. There is a subtle difference. And due to the diligence of Elijah Baley, or Wendell Urth, the humans responsible were *always* caught because the 3 laws defined the behaviour of the robots in such a dependable manner.
Not all the issues with the three laws were about manipulation. There were times when the robots fell into undesired behavior due to the 3 laws all of their own accord. There are two examples that come to mind.
The first is when Powell and Donovan are assigned to revitalize a mining operation on Mercury (Runaround). One of their robots is given a simple instruction. However, they soon find it behaving in an erratic manner and thus the mystery is set. It turns out the robot set out to follow the initial
Re:umm.... (Score:5, Funny)
And make sure and check the switch on the back...make sure it is not set to EVIL.
Re: (Score:3, Funny)