From the Spring 2023 Issue

Robots and Cybersecurity

Connie Uthoff
Program Director | The George Washington University

The global market for industrial robots has been increasing steadily since 2020 and is expected to reach 104.65 billion dollars in 2023 (Statista, n.d.). Though concepts related to robotics and automated tools have their roots far back in history (Robotnik, n.d.), today robots are being deployed around the world across a wide range of industries. Areas that have invested in robotic technology include the manufacturing sector (Wang et al., 2022), healthcare (Taylor et al., 2019), the military (Voth, 2004; Calcara, 2022), and retail environments (Rindfleisch et al., 2022). Robots are also widely used to advance scientific research (Katzschmann et al., 2019). Other sectors use robots too; the list is not exhaustive.

The benefits that robots offer are also wide-ranging. The advantages are easily apparent in the healthcare sector, where robots work on the hospital floor and distribute medicine and where robot-assisted surgery is becoming increasingly common (Mayo Clinic, n.d.). From the sea floor to outer space, robot technology has made it possible for researchers and scientists to gain access to remote areas and environments that do not yet sustain human life. For example, Sojourner, Spirit and Opportunity, Curiosity, and Perseverance, the robotic vehicles sent to Mars by NASA, have helped to deepen our understanding of the red planet (NASA, 2023). Robot fish are helping to uncover mysteries in deep sea trenches and may help to find solutions to address climate change (Gramling, 2021).

The military uses robots to help with explosive ordnance disposal (EOD) (Greenemeier, 2010). Robots are used in search and rescue missions (Foster, 2022). They are used in restaurants, hotels, and schools. There are also a handful of social robots, like Pepper, Amazon Astro and Buddy, that are for home use and can connect with other devices.

Despite the benefits associated with robots, a growing number of researchers have become increasingly concerned that cybersecurity has not been properly prioritized during robot design, manufacturing, deployment and use (Mayoral-Vilches, 2021). In fact, some maintain that in the field of robotics the focus is on development and market penetration, without adequate consideration of cybersecurity, and that “the robotic domain suffers from a set of security and safety threats that can lead to dangerous attacks” (Yaacoub et al., 2022). With robots being used in homes, in restaurants and hotels, hospitals and for security, a potential cyber-attack, one that takes over the control of a robot, is highly concerning and could result in harm to humans or destruction of property. Cyber threat actors could also assume control of a robot to use for surveillance. The following examples illustrate some of the ways that researchers have exploited robot technology while demonstrating the need for greater robot cybersecurity.

In 2017, a security research company based out of Seattle, IOActive, discovered more than 50 ‘hackable’ security vulnerabilities in six home and industrial robots. According to their research findings, IOActive identified security flaws in the robots NAO and Pepper as well as security gaps in manufacturing robots from Universal Robots and Rethink Robotics (Cerrudo, 2017). Researchers from IOActive demonstrated that they could gain access to a robot arm’s operating system and overwrite the file that maintains the limits on the speed of the robot’s movements, the force it uses and how it reacts when its sensors detect someone close to it. The company also demonstrated how the audio and video components of the robots could be compromised and turned into surveillance devices. In one example, they illustrated how a robot could be hijacked, controlled remotely, and used to attack a tomato with a screwdriver (Cerrudo, 2017). Though the hijacked robot, Alpha 2, is a small robot, this can be an important warning for cities such as San Francisco that have considered using police robots with the ability to use lethal force. Think of the dire implications if a threat actor could hack into a weaponized police robot.

According to IOActive, their research represented basic, early reconnaissance of the field. This was not an extensive audit (Cerrudo, 2017).

In 2017, another security firm from Italy also demonstrated that they could take over an industrial robot arm (Greenberg, 2017). A year later, in 2018, researchers identified that a number of hosts supporting robotic systems were “exposed to the public Internet” (DeMarinis et al., 2018).

In 2019, Popular Mechanics reported that a hotel in Japan had invested in small robots for the guest rooms, but the hotel was not aware that their room robots could be hacked and used to spy on hotel customers (Linder, 2019). A security engineer, Lance R. Vick, discovered the security flaw and informed the hotel chain that the robots could be hacked remotely, the microphones and cameras could be turned on, and the guest-facing robots could be used to listen to and watch hotel guests (Linder, 2019). When the hotel did not respond to Vick’s warning, after 90 days, he made the information public. At that time, the hotel assured the public that hotel guests had not been compromised and that the security flaws had been patched (Linder, 2019). If a malign actor had compromised the room robots, the hotel could have faced fines, lawsuits, a loss of clients and a tainted reputation.

In 2021, researchers demonstrated how to bypass control-based intrusion detection techniques and hack into robotic vehicles (Dash et al.).

A year later, during the first months of the Ukraine war, hackers claimed that they were able to take over surveillance robots that were operating at a Russian airport (Thalen, 2022). In May 2022, a hacker group, CaucasNet, uploaded screenshots of what they claimed was a compromised web portal that controls the Tral Patrol 4.0 robots at the Sheremetyevo International Airport in Russia. Later, CaucasNet shared a video on Twitter that seemed to show the hackers controlling the robots and using them to broadcast the Ukrainian national anthem across various locations (Thalen, 2022). Though the airport did not substantiate the claims, at the very least, the posts by CaucasNet illustrate that robots are targets, ones potentially susceptible to compromise.

More recently, in April 2022, researchers at the cybersecurity company Cynerio released a concerning report regarding the cybersecurity of healthcare robots and devices (Cynerio, 2022). While the team at Cynerio, some of whom are ex-members of Israel’s intelligence branch 8200, was conducting an assessment for a customer hospital, they discovered 5 vulnerabilities affecting Aethon TUG autonomous robots, which are used at hundreds of hospitals across the United States and around the world. The Cynerio report maintained that the vulnerabilities that were discovered could allow an attacker access to real-time video footage of the hospital, staff and patients. They would also allow individuals who exploited the vulnerabilities in the robots to bypass the admin password, move the robots through the hallways, open medicine drawers, and use the camera to spy on patients and the hospital staff (Cynerio, 2022). Additionally, according to the report, a malicious attacker, after taking control of a hospital robot, could interfere with patient care, access medical records, disrupt or block the delivery of critical medications to patients, steal medication or use the robot to harm or harass people at the hospital (Cynerio, 2022). The vulnerabilities were not within the robots, according to Cynerio, but with the servers; however, despite the location of the vulnerabilities, the lead Cynerio researchers maintained that hacking the robots required minimal skill (Cynerio, 2022). Fortunately, Cynerio directly notified the impacted hospital and the manufacturer right away, so they could patch their robots prior to the release of the report. Despite the advantages of healthcare robots, it is important to recognize that the increase of hospital robots has widened the cybersecurity threat landscape and introduced new challenges that “healthcare organizations cannot address with traditional IT cybersecurity solutions” (Cynerio, 2022).

Amid the growing concerns related to robot security, in an attempt to understand the current status of cybersecurity in robotics, Mayoral-Vilches (2021) conducted a literature review of robot cybersecurity, surveyed robotic groups and communities, and provided an analysis of data that was collected over three years regarding proactive security research in robotics. Based on the three areas of exploration, the author concluded that robot cybersecurity is a maturing field that “deserves further attention, tools and educational material” in order to train professionals in cybersecurity practices for robotics (Mayoral-Vilches, 2021). The author also concluded that due to the complexity of robotic systems, there is a widening attack surface and “a variety of potential attack vectors which manufacturers are failing to mitigate in reasonable time periods” (Mayoral-Vilches, 2021).

In his study, Mayoral-Vilches recommended that external security assessments and evaluations should be conducted early within the development cycle of a robot (Mayoral-Vilches, García-Maestro, et al., 2020). The author also introduced a Robot Security Framework (RSF) to standardize security assessments in robotics (Mayoral-Vilches, Kirschgens, Calvo, et al., 2018). Additionally, Vilches et al. (2020) introduced alurity, a toolbox for robot cybersecurity (Mayoral-Vilches, Abad-Fernández, et al.), and guidelines for pentesting for ROS (Dieber et al., 2020).

In 2022, Yaacoub et al. also presented an assessment of robot cybersecurity. According to these authors, there is a gap in the global understanding of robot security issues. Additionally, they note that there are limitations around the design of secure robot systems. To help researchers identify, classify and address cybersecurity issues, the authors explored the following areas: security vulnerabilities; the source of security threats; security risks; and attacks on robotic hardware, firmware, and communications. To help improve robot cybersecurity, the authors presented valuable countermeasures and recommendations to secure robots. For example, following a section on robotic risk assessments, the document outlines a cyber threat intelligence framework and presents sections on active security awareness; active response; active management (precaution and correction); robotic security protection; system hardening; identification, verification and authentication; and cryptographic solutions and protocols. The authors also provide a discussion about various security tools and AI solutions that can be used as part of a strategic approach to robot cybersecurity (Yaacoub et al., 2022).

According to Allied Market Research, investment in the global robotics market is projected to reach approximately $189.36 billion by 2027 (n.d.). Given the significant investments in robotics, it is critical for these systems to be secure from cyber threat actors. Unfortunately, today, whether robots are used for security, service, healthcare or hospitality, “robotic systems suffer from several security vulnerabilities that can be exploited to launch dangerous attacks, which may have drastic consequences on these infrastructures escalating from economical losses all the way to the loss of human lives. Such attacks are possible due to the lack of security by design of robotic systems and the reliance on open wireless communication channels” (Yaacoub et al., 2022).

References

Calcara, A. (2022). Contractors or robots? Future warfare between privatization and automation. Small Wars and Insurgencies, Taylor & Francis Journals, vol. 33(1-2), pages 250-271, February.

Cerrudo, C., & Apa, L. (2017). Hacking robots before Skynet. Cybersecurity Insight, IOActive Report, Seattle, USA.

Cynerio. (2022). JekyllBot: 5. https://assets.website-files.com/5d2ad783e06f4c19469d363a/625551dd440d0b187fa96d38_JekyllBot-5-Vulnerability-Disclosure-Report.pdf

DeMarinis, N., Tellex, S., Kemerlis, V. P., Konidaris, G., & Fonseca, R. (2019, May). Scanning the internet for ROS: A view of security in robotics research. In 2019 International Conference on Robotics and Automation (ICRA) (pp. 8514-8521). IEEE.

Dieber, B., White, R., Taurer, S., Breiling, B., Caiazza, G., Christensen, H., & Cortesi, A. (2020). Penetration testing ROS. In Robot operating system (ros) (pp. 183–225). Springer.

Foster, B. (2022). When search and rescue robots (SAR) really help. Nutsel. https://nutsel.com/robotics/search-and-rescue-robots/#:~:text=Robots%20are%20increasingly%20becoming%20a%20staple%20in%20search,have%20proven%20their%20worth%20time%20and%20time%20again.

Gramling, C. (2021, March 3). Soft robot withstands crushing pressures at ocean’s greatest depths. Science News. https://www.sciencenews.org/article/new-soft-robot-snailfish-crushing-pressures-deep-ocean

Greenberg, A. (2017). Watch Hackers Sabotage an Industrial Robot Arm. https://www.wired.com/2017/05/watch-hackers-sabotage-factory-robot-arm-afar/

Greenemeier, L. (n.d.). Are military bots the best way to clear improvised explosive devices? Scientific American. https://www.scientificamerican.com/article/robot-ied-clearance/

He, Y., Wang, D. B., & Ali, Z. A. (2020). A review of different designs and control models of remotely operated underwater vehicle. Meas. Control, p. 0020294020952483.

In depth. (n.d.). NASA Solar System Exploration. https://solarsystem.nasa.gov/missions/mars-2020-rover/in-depth/

Katzschmann, R. K., DelPreto, J., MacCurdy, R., & Rus, D. (2018). Exploration of underwater life with an acoustically controlled soft robotic fish. Science Robotics, 3(16). https://doi.org/10.1126/scirobotics.aar3449

Linder, C. (2019, October 30). So Maybe Hackable Hotel Robots Aren’t a Great Idea. Popular Mechanics.com. https://www.popularmechanics.com/technology/robots/a29590119/hotel-robots-spying/

Mayoral-Vilches, V., Abad-Fernández, I., Pinzger, M., Rass, S., Dieber, B., Cunha, A. et al. (2020). alurity, a toolbox for robot cybersecurity. arXiv preprint arXiv:2010.07759.

Rindfleisch, A., Fukawa, N., & Onzo, N. (2022). Robots in retail: Rolling out the whiz. AMS Review, 12(3-4), 238–244. https://doi.org/10.1007/s13162-022-00240-4

Robot software market size. (n.d.). Allied Market Research. https://www.alliedmarketresearch.com/robot-software-market-A11852

Robotic surgery – mayo clinic. (n.d.). https://www.mayoclinic.org/tests-procedures/robotic-surgery/about/pac-20394974#:~:text=Robotic%20surgery%2C%20or%20robot-assisted%20surgery%2C%20allows%20doctors%20to,invasive%20surgery%20%E2%80%94%20procedures%20performed%20through%20tiny%20incisions.

Robotnik. (2021, November 2). History of robots and robotics. https://robotnik.eu/history-of-robots-and-robotics/#:~:text=Some%20relevant%20historical%20data%20would%20be%20the%20following%3A,obstacles%20thanks%20to%20Cartesian%20coordinates%20on%20its%20vertices.

Statista. (n.d.). Industrial robots: worldwide market size. Statista.

Taylor, A., Lee, H., Kubota, A., & Riek, L. D. (2019). Coordinating clinical teams. Proceedings of the ACM on Human-Computer Interaction, 3(CSCW), 1–30. https://doi.org/10.1145/3359323

Thalen, M. (2022, May 17). Did hackers commandeer surveillance robots at a Russian airport?. Dailydot.com. https://www.dailydot.com/debug/hackers-surveillance-robots-russia/

Voth, D. (2004). A new generation of military robots. IEEE Intelligent Systems, 19, 2-3.

Vuong, T., Filippoupolitis, A., Loukas, G., & Gan, D. (2014). Physical indicators of cyber attacks against a rescue robot. 2014 IEEE International Conference on Pervasive Computing and Communication Workshops (PERCOM WORKSHOPS), Budapest, Hungary, pp. 338-343. doi: 10.1109/PerComW.2014.6815228.

Wang, R. Gao, J. Váncza, J. Krüger, X.V. Wang, S. Makris, and G. Chryssolouris. (2019). Symbiotic human-robot collaborative assembly. CIRP Annals, Vol. 68, 2, 701–726. https://doi.org/10.1016/j.cirp.2019.05.002

Yaacoub, JP.A., Noura, H.N., Salman, O. et al. (2022).  Robotics cyber security: vulnerabilities, attacks, countermeasures, and recommendations. Int. J. Inf. Secur. 21, 115–158. https://doi.org/10.1007/s10207-021-00545-8.
