Researchers turn robots into 'weaponised spies'

Security researchers have found a number of issues affecting how robots identify whether commands are sent by their real owners.

By Alexander J Martin, Technology Reporter

Tuesday 22 August 2017 14:57, UK

The robot 'Nao' performs Tai Chi at the IBM stand at the CeBIT 2017 Technology Trade Fair on March 20, 2017 in Hanover, Germany
Image: Critical vulnerabilities are widespread in many robot models, according to security firm IOActive
Why you can trust Sky News

Hackers could turn popular robots into spying tools - or even weapons capable of physical attacks on their owners, security researchers have claimed.

Security firm IOActive tested 12 devices made for the home, businesses and industrial purposes, and in a report said all were found to contain critical vulnerabilities which could allow attackers to control them remotely.

While current devices do not have the "strength, speed and force" to cause an adult harm, the design flaws are so common, the company says, that when stronger robots are developed the risk of harm could be significant.

"We found a lot of authentication vulnerabilities, where the user of the robot is not actually verified to be the owner," said Lucas Apa, a senior security consultant at IOActive.

These issues mean that "anyone within the same network can interact with the robot and issue it commands - to move around or even to return the video or microphone recordings that it's making to a third party".

The robots, especially when used in a business setting, could therefore facilitate industrial espionage, the firm says.

The researchers demonstrated their ability to take control over an Alpha 2 robot, a home assistant device manufactured by UBTECH, simply by sending a command over Bluetooth.

More from Science & Tech

In a video, they reference the manufacturer's promotional use of the robot to help a man carry out some DIY work, alongside the violent tendencies of popular horror film character Chucky.

To date, tests have been confined to the lab with no evidence that hacking is commonplace.

Mr Apa said "robots will become more powerful" if the vulnerabilities aren't fixed.

"In the near future we think that robots could do much more harm than they could do today," he said.

Of the companies tested by IOActive, only Rethink Robotics - which makes manufacturing robots and had been looked at in previous research by the firm - issued a statement to Sky News responding to the report.

The company said all of its items featured in the report had "been addressed by our team months ago" and added that "as with all manufacturing equipment, we also expect that the robot is connected to a secure corporate network".

At the time of writing the other companies featured in the report did not respond to Sky's request for comment.

UBTECH did not respond to Sky's request for comment.