Could unsupervised robots connected to the internet pose a threat to users?

An ill-intentioned hacker taking control of all the robots to take over the planet could now by more than just an idea for an action movie. Research that was published in the 2018 Robotics Science and System conference in Pittsburgh proved that 100 of the robots that were a part of the survey, which was connected to the internet without any supervision were vulnerable to cyber attacks by hackers who could control the robots and tap into its faculties, granting them access to things such as mobility and footage if the robot has eyes. 

A team of researchers from the Brown University undertook a worldwide search of hosts running the Robot Operating System (ROS) over three different periods in 2017 and 2018. Findings of the search stated that over 100 systems were vulnerable to cyber attacks by hackers. Additionally, 19 out of those 100 were fully functional robots.

The ROS is a widely-used platform for research in robotics. The platform combines all of the robot's components like cameras, sensors and actuators and ties it up to a central computing node which functions similar to a human's central nervous system. 

“Though a few unsecured robots might not seem like a critical issue, our study has shown that a number of research robots is accessible and controllable from the public Internet,” the research paper read. 

“It is likely these robots can be remotely actuated in ways [that are] dangerous to both the robot and the human operators.”

The study, as claimed by the researchers, did not intend to point fingers at any individual labs but to underscore the fact that the security protocols that guided the ROS in many of them could be easily overlooked. 

The research also provided a viable solution to the problem by stating that the simplest way to tackle such attacks was to run the OS behind an efficient firewall or on a Virtual Private Network (VPN). 

“When you have software written without security in mind coupled with people not thinking about security, that’s a dangerous combination,” one of the researchers said. “We can think of this in the larger context of the Internet of Things, where we need to think about security in all stages of a product, from the development and upgrade cycle to the way in which users deploy the devices.”