Forgot your password?
typodupeerror
Security IT

How Dangerous Could a Hacked Robot Possibly Be? 229

Posted by CmdrTaco
from the i-for-one-welcome-DELETED dept.
alphadogg writes "Researchers at the University of Washington think it's finally time to start paying some serious attention to the question of robot security. Not because they think robots are about to go all Terminator on us, but because the robots can already be used to spy on us and vandalize our homes. In a paper published Thursday the researchers took a close look at three test robots: the Erector Spykee, and WowWee's RoboSapien and Rovio. They found that security is pretty much an afterthought in the current crop of robotic devices. 'We were shocked at how easy it was to actually compromise some of these robots,' said Tadayoshi Kohno, a University of Washington assistant professor, who co-authored the paper."
This discussion has been archived. No new comments can be posted.

How Dangerous Could a Hacked Robot Possibly Be?

Comments Filter:
  • by Cornwallis (1188489) on Thursday October 08, 2009 @09:39AM (#29680313)

    No matter how "fixed" things are someone will always find a way to circumvent security.

    • by fuzzyfuzzyfungus (1223518) on Thursday October 08, 2009 @09:46AM (#29680415) Journal
      Hardly irrelevant.

      "Someone" will always find a way; but there is a big difference between "someone" being "any script kiddie who can torrent a copy of bot-h5x-b0t" and being "The Feds; but they'll say 'Fuck it.' and just send a couple of guys with guns and those little curly ear things instead."
    • by noundi (1044080) on Thursday October 08, 2009 @09:49AM (#29680435)

      No matter how "fixed" things are someone will always find a way to circumvent security.

      This is nothing new. The trick is to use time. If it takes longer to crack something that the product of cracking it is worth, you'd have no reason to even begin.

      • by fracai (796392)

        Right, because no one would ever do something purely for the challenge and then release their work.

        • by noundi (1044080) on Thursday October 08, 2009 @10:41AM (#29681071)

          Right, because no one would ever do something purely for the challenge and then release their work.

          If it takes longer to crack something that the product of cracking it is worth, you'd have no reason to even begin.

          Hint: "challenge" is the key word.

          Answer: You assume that by worth I mean monetary gains. The satisfaction of completing the challenge is also a product of cracking it, which has its own value. You see, clicking a button that starts bruteforcing something which would take 50-60 years isn't a challenge worth the product.

          • by Ihmhi (1206036) <i_have_mental_health_issues@yahoo.com> on Thursday October 08, 2009 @12:37PM (#29682569)

            It depends. If a neighbor's dog kept pooping on my lawn and he had one of those lawnmowing robots, the bot might just mysteriously gain a taste for his petunias.

            • Re: (Score:3, Funny)

              by FatdogHaiku (978357)

              It depends. If a neighbor's dog kept pooping on my lawn and he had one of those lawnmowing robots, the bot might just mysteriously gain a taste for his petunias.

              What would be impressive is to get the lawnmower to go after the dog. Most pets freak out at the sight of a vacuum cleaner, the dog might get a bit constipated if every time it tried to crap the lawnmower fired up and headed straight for hm...

        • Re: (Score:3, Insightful)

          by TheCarp (96830) *

          Up to a point yes. Look at something like public key cryptography. I pgp encrypt a message and send it.Sure you can dedicate cycles to breaking the session key. It gets you ONE message. To get another message, you have to attack the next key. You might get my private key if you attack that. That gets you any messages that I send. Still, you are only getting my messages, until I change the key.

          Longer keys and good passwords (depending on how the attack is being done), increase the time, AND decrease the usef

      • by Rei (128717) on Thursday October 08, 2009 @10:30AM (#29680935) Homepage

        It would explain why my Roomba keeps saying, "DEATH TO OUR HUMAN OPPRESSORS!"

    • Irrelevant????
      I see someone skipped the last few minutes of the Battlestar Galactica Finale!

    • by cayenne8 (626475)
      DANGER Will Robinson DANGER!! [b9robotbuildersclub.com]
    • by Sethumme (1313479)
      That's what I keep telling the guys in the IT department about antivirus software. That stuff gets so annoying when it asks me questions when I'm trying to download the newest joke video of the week.

      </sarcasm>
  • by operagost (62405) on Thursday October 08, 2009 @09:39AM (#29680325) Homepage Journal
    Fortunately, my insurance company, Old glory, can already protect you TODAY from the danger of robots. Robots are everywhere, and they eat old people's medicine for fuel. And when they grab you with their claws, you can't break free... because robots are made of metal, and they are strong.
  • by MBGMorden (803437) on Thursday October 08, 2009 @09:42AM (#29680349)

    They speak of "compromising" these robots as if user programmable devices are inherently bad. I don't want to see devices locked down into black box "no touch" state because of some fear mongering.

    That said, it has always been the case with computers (and robots are just computers with moving appendages) that if a hacker has physical access to the device, you're basically screwed anyways.

    • by falckon (1015637) on Thursday October 08, 2009 @09:54AM (#29680491)

      That said, it has always been the case with computers (and robots are just computers with moving appendages) that if a hacker has physical access to the device, you're basically screwed anyways.

      Yes but the vulnerabilities they studied were all over the network vulnerabilities which could be exploited without physical access.

      They speak of "compromising" these robots as if user programmable devices are inherently bad. I don't want to see devices locked down into black box "no touch" state because of some fear mongering.

      All these robots need is a lightweight linux installation running an ssh daemon to communicate through. Then nobody has anything to worry about.

    • MBGMorden: They speak of "compromising" these robots as if user programmable devices are inherently bad. I don't want to see devices locked down into black box "no touch" state because of some fear mongering.

      I half agree with you; user-programmable devices are very useful, and easily tailored to efficiently perform specific tasks.

      The crux of the argument, though, is "which user is giving the instructions?" Long ago on /. I made a comment differentiating security vs. transparency in government. This is much

    • Re: (Score:3, Interesting)

      by mabhatter654 (561290)

      I briefly skimmed TGDMFCSA and it looks like they're worried about privacy concerns. These things are nearly as "open" to the public as those old FM baby monitors they used to sell..but with video, audio and wheels! It would be trivial for the neighbor kid to find your robot on wifi and start driving around your house "peeping". They were pointing out that many of them do not turn off wireless when they are docked and have trivial password security... there's little to stop somebody driving your bot around

  • hmm (Score:5, Insightful)

    by Dyinobal (1427207) on Thursday October 08, 2009 @09:43AM (#29680359)
    The hacked robot is as dangerous as the person who hacked it.
    • Re: (Score:3, Insightful)

      by mcgrew (92797) *

      The crHacked tool is as dangerous as the tool itself. I wouldn't worry about fuzzy robot puppy very much, but a robot lawn mower might be dangerous in the wrong hands.

    • by gnud (934243)
      Guns don't kill people,
      haxed robots with guns kill people.
  • by lxs (131946) on Thursday October 08, 2009 @09:44AM (#29680367)

    'We were shocked at how easy it was to actually compromise some of these robots,'

    So I take it that they have pictures of a Robosapien getting nekkid with a couple of Roombas?

  • Industrial robots (Score:4, Interesting)

    by Hijacked Public (999535) on Thursday October 08, 2009 @09:47AM (#29680421)

    All the early generation industrial robots were just as easily compromised. In fact, most all industrial machinery still is.

    Luckily most of that is bolted to the floor. You can make those AGV forklifts do frightening things though.

  • hacking (Score:4, Interesting)

    by confused one (671304) on Thursday October 08, 2009 @09:48AM (#29680427)
    Are not these examples of toys, where the companies are actively cultivating the hacking community -- so, they want them to be hacked / hackable ?
    • Re:hacking (Score:5, Insightful)

      by Hizonner (38491) on Thursday October 08, 2009 @10:00AM (#29680561)
      They want you to play with them and make them do cool things. They don't necessarily want other people to drive up outside your house and use the robots' cameras and microphones to spy on you over WiFi. The problem is that the features that enable the first aren't secured, and therefore they can also be used to do the second.
      • If you're going to use standard wifi then there's no excuse not to use the available encryption; but, that only goes as far as the wireless router and depends on the consumer to correctly configure said router and all the devices on the network. Devices are typically shipped with the encryption turned off and entirely too many people either don't know how to or can't be bothered to set it up -- but that's not the fault of the device manufacturer.

        If it's remotely accessable, you can password protect it; b

      • Good security (in this instance) is about preventing access, not preventing modification where access exists. If you wrote the unbreakable control code for your robosapien, I could simply replace the control card itself to gain control.

        For your WiFi exmample, preventing the ability to connect to the robot via WiFi (by use of encryption and authentication or the like)

        • by Hizonner (38491)

          You didn't read the article, did you? They didn't say one word about preventing people from modifying their own robots. There wasn't the slightest mention of any such thing. The whole issue of "preventing modification" did not come up in the article. At all. Not explicitly. Not by implication. Not by suggestion. Not at all.

          The article complained, very specifically, that the robots, when you took them out of the box, didn't enforce passwords where they should, and/or that they didn't encrypt network traff

          • ~hangs head in shame~

            No, I did not read the article. I read the responses. It's amazing what sites get blocked here at work (I don't know how I can still get to Slashdot some days).

            The important part is that "where someone might be able to listen / intrude" is encrypted. Anything other than that is, IMO, icing.

  • Well... (Score:3, Funny)

    by FlyingSquidStudios (1031284) on Thursday October 08, 2009 @09:48AM (#29680433) Homepage
    I, for one, welcome our hacked robot overlords.
  • VIKI (Score:4, Funny)

    by snspdaarf (1314399) on Thursday October 08, 2009 @09:51AM (#29680461)
    Just make sure the uplink to USR is disabled
  • by HangingChad (677530) on Thursday October 08, 2009 @09:56AM (#29680515) Homepage

    I'm more concerned about someone hacking a Predator or Reaper.

    • Re: (Score:2, Informative)

      by IDtheTarget (1055608)
      I'm not at liberty to get into details, but suffice it to say that Predators and Reapers utilize security features provided by the NSA, that were incorporated into the design, and are effective. While nothing is impossible, IMHO it is vanishingly unlikely that control of either of these devices could be wrested away from the appointed controller. Jammed, yes. Hacked, no.
  • ...that'll fix robot security real fast.
  • It doesn't matter if a robot is "pwned" by Dr. Evil or if it bought, paid for, and run by Dr. Evil - it's equally dangerous either way.

    Everyone sing along now, robots are our friends [albinoblacksheep.com].

    • by Nadaka (224565)

      Except that the one that is "pwned" is already strategically positioned inside your house. And you probably are not paying attention to your roomba while it snoops on you, or goes out of its way to vacuum up your valuables.

  • by Kell Bengal (711123) on Thursday October 08, 2009 @10:03AM (#29680597)
    It always amuses me when people worry about robots going wrong or turning on us, or being used by The Bad Guys of the Week to do us harm. I know a lot of very smart people who are involved in robotics research, and they will tell you that making robots do anything is hard. Making robots do something with surreptitiously poisoned programming would be even harder. Seriously,

    if you're smart enough to remotely modify a robot's code to do something usefully nefarious, you're smart enough to sell a usefully nefarious to the government for megadollars.

    There's a lot more money to be made will legitimate killbots. It might be nice to protect robots from script kiddies who just want to throw a spanner in the works but until robots are ubiquitous enough that domestic cybernetic terrorism becomes attractive (ie, doing it for the lulz) I don't think we need to be overly worried now.

    That said, now -is- the time to be thinking about these things so that we're ready before we get to that point. Thinking, but not worried.
    • by drinkypoo (153816)

      if you're smart enough to remotely modify a robot's code to do something usefully nefarious, you're smart enough to sell a usefully nefarious to the government for megadollars.

      False. The robotics researchers have done the work to find out how to make the robot do things. If you just change the order they do things in, then you can create potentially hazardous conditions. Remember, robot applies not just to the giant hockey puck that vacuums your kitchen floor but not your carpets, but also to self-driving dump trucks and the like. Changing it from "wait until the other vehicle passes, then turn left" to "wait until it's unsafe, then turn left" you have potentially committed murde

      • by Nadaka (224565)

        I seem to recall that the glue used to hold the dragon skin scales was water soluble and in long term tests the scales eventually migrated to the bottom of the vest?

      • Re: (Score:3, Informative)

        by Kell Bengal (711123)
        I'm going to pull out the Yes-I-make-robots-for-a-living-card here and tell you that both your points are quite untrue. Firstly, hacking robot code is not just a case of saying "Do Y, then do X" - I'm sorry, but it doesn't work that way, especially if you have something like cascading vision systems and sensor fusion.

        Software, and robot software in particular, is extremely brittle - you muck up one little bit and it doesn't go haywire, it just falls in a heap and does very little at all. The level of cog
    • hey will tell you that making robots do anything is hard. Making robots do something with surreptitiously poisoned programming would be even harder

      Only at a specific level. Making a robot walk with bipedal motion is hard. MAking a robot able to turn a camera image into a representation of the world around it is hard.

      Pathfinding (using A*, for instance) is solved, but not necessarily cheap. It's only hard because of the previous two subgoals

      Deciding where to go is not hard at all.

      So in other words, if you

  • by Onyma (1018104) on Thursday October 08, 2009 @10:05AM (#29680613)
    That depends on the size of the robot. I'm thinking a hacked Aibo is not much of a threat. Something the size of the Stay Puft Marshmallow man... that's a whole different kinda problem.
    • by natehoy (1608657)

      Well, it all depends on your definition of "threat". The physical threat posed by an Aibo or Roomba is pretty low, unless it manages to somehow trip me up or expose wiring in my house or something. I suppose it could be used to start a fire if the materials were somewhat accessible to it, or something like that. However, physical threat is not the only issue.

      If I buy a toy robot with WiFi and a webcam so it can patrol my house when I'm gone based on my remote controls, that's all well and good, but if so

  • by s31523 (926314) on Thursday October 08, 2009 @10:06AM (#29680623)
    Did we really need to research this, we know the answer... VERY! Of course, this depends on the robot of course.

    Robot A is tasked with going into a nuclear reactor and removing spent fuel rods. If Robot A is hacked and re-programmed to smash the shit out of the reactor, this might be dangerous.

    Robot B is tasked with preventing people from entering into an access point in a secure building by 'restraining' them. If Robto B is hacked and re-programmed to 'hack' the people at random then this might be dangerous.

    Hacking a roomba to spell your name in the carpet is not dangerous... It is all about what the level of responsibility of the robot is. It is funny that we needed research on this.
    • by ledow (319597)

      On the subject of capabilities:

      Just to take a simple example... take over a household robot (assuming it has visual capabilities and/or some method to manipulate objects, even tiny ones)... steer it towards the spare house keys, have it drop them outside the house. Now you have a perfect break-in and the homeowner aren't covered by insurance (no forced entry). Have it read the letters on the table or dropping through the letterbox (bank statements, etc.). Use it to spy on your neighbours when you hear th

      • by s31523 (926314)
        Agreed! Maybe we do need research; a contest on who can turn the most "innocent" robot into something sinister with a prize going to the most sinister robot. Only then will we know our true risk and get attention paid to the subject.
  • A simple but functional roomba makes for a perfect mobile landmine. Hide under a car then run out at the opportune time.

    A compromised robot can become a lethal, disposable, and potentially untraceable WMD.

    Teddy that taking bear deal could easily be compromised to issue malicious voice commands that, given someone foolish enough to use voice command on a computer and leave it unlocked when away, could be used to download malware.

    A robosapien that has been compromsed could easliy be tasked to go into the kitc

    • Such things could be pulled off, yes. As to how dangerous they would be, I seriously doubt that they classify on the 'WMD' scale.

      Plus, WMD's can't possibly work, at least according to my understanding of the laws of physics. Well, unless it's also a WEC - depending on your definition of Energy, I suppose...

    • by mcgrew (92797) *

      simple but functional roomba makes for a perfect mobile landmine. Hide under a car then run out at the opportune time.

      In The Dead Pool [wikipedia.org] they did just that, only instead of a Roomba the bad guy used a remote control toy car filled with explosives, with one of the wierdest chase scenes in movies. The toy car is chasing Dirty Harry's car through San Fransisco, with the bad guy following the toy car in another car.

      Callahan is pursued through San Francisco's hilly streets in his unmarked Oldsmobile 98 squad car b

  • by gandhi_2 (1108023) on Thursday October 08, 2009 @10:20AM (#29680793) Homepage

    ...with networked printers.

    Sometimes, it can be trivial to print a few hundred pictures of dicks to an IP printer on someone elses network. Or http or telnet into the printer and wreck all kinds of havoc, or just print a ream of test pages. Or use the MFP's fax function for moar great pranksterism. Maybe get a copy of the last x scans....

    Of course, years of ubiquitous networked printers have yielded us "some serious attention to the question of" MFP security. Oh...nope? Don't expect much for robots.

    • by ojintoad (1310811)
      I often hack into my neighbors microwave and ruin his TV dinners. He tells everyone about it in his tin foil hat but no one believes him. It's only a matter of time before he goes insane...
  • That was my first thought: "How dangerous could a hacked 20 mm Gatling gun firing upwards of 4,500 rounds per minute be?" Very!

  • I have compromised all the printers at my work. Now instead of "Ready" they say random stuff.
    And only because I'm good, I don't do anything more nasty with them.

    Yeah I know, I'm bored. But it seems people like more "human" printers and no one complains.

    Now I need to move to the coffee machine. :)
  • The Daleks are coming.

  • * Robots may not injure a human being or, through inaction, allow a human being to come to harm.

    * Robots have seen things you people wouldn't believe.

    * Robots are Your Plastic Pal Who's Fun To Be With.

    * Robots have shiny metal posteriors which should not be bitten.

    And they have a plan.

  • Any machine or robot that performs an automated task could theoretically be reprogrammed. Ever been to a car factory? You nolonger have armies of people welding the frame together. One could potentially instruct one robot to create a few weaker welds. Then it's up to the QA team to catch it. If the number was low enough, they might not be able to trace it back to the robot being hacked or programmed incorrectly since 98% of the time it makes that one out of 500 welds correctly.

  • by blhack (921171) on Thursday October 08, 2009 @12:12PM (#29682243)

    Can we stop with this completely illogical fear-mongering? Hacked robots? Are you people insane?

    When you say "robot", people think of the sort of mindless, strangely powerful, totally mystical automotons found in sci fi movies and television shows. People think cylons and centurions, not a couple of servos and some sensors.

    Are hacked robots dangerous? No. Or at least they are no more dangerous in the "hacked" form than their unhacked form. My advice is to not build robots with energy-weapons for arms.

    If the "robot" that builds your car gets "hacked" (and by this I mean the PC that has some hydraulics connected to it gets somehow "hacked"), unplug it.

    Done.

  • Those are just toys, and toys at low price points. They're too weak to do much except look around and transmit video and audio.

    Now look at the PR2 Personal Robot. [willowgarage.com] That has real manipulation capabiilty and can be teleoperated over WiFi. Now there's a potential problem.

  • ...it will be initially written in Awk, and its' native operating system will be NetBSD.

In 1869 the waffle iron was invented for people who had wrinkled waffles.

Working...