Robot Ransomware: A Boon for Cybercriminals
Security researchers have just pointed out flaws in the protections of two particularly popular robots that leave them highly vulnerable to a ransomware attack.
The risk is significant, because this type of attack could paralyze some companies.
Humanoid robots seem to be on the rise in the buoyant artificial intelligence market, but their large-scale deployment urgently requires better security, which is far too porous for the moment. Like all connected objects, they can be a prime gateway for cybercriminals.
A robot that insults its "masters" and demands bitcoin to get back to work!
Security researchers at IOActive have successfully tested an attack on the NAO robot, manufactured by Softbank, and infected it with ransomware. Not lacking in humor, the team programmed the malware so that the robot stops working, hurls insults and asks to be fed bitcoin before it will resume its task!
According to the researchers, this attack, made possible by hacking the WiFi network that sends commands to NAO, would have had the same effects on the Pepper robot. "If a team hacks a WiFi PIN code, the attack can come from a computer or other terminal connected to the Internet. Thus, a computer is hacked and from there, the robot can be hacked because it is in the same network as the compromised computer," details César Cerrudo, technology director of IOActive Labs.
An inactive robot loses money every second
Amusing as it is, this attack vividly demonstrates the security flaws of these new tools. The worry is that a company's activity may depend on that of its robots, which is a boon for hackers.
"To force the boss of a company to pay a ransom to a pirate, you can make robots stop working, and because robots are directly related to production and services, the fact that they stop working will cause a financial problem for the manager, losing money for every second of inactivity," explained César Cerrudo, IT researcher.
Indeed, debugging a hacked robot can take a long time and sometimes requires returning it to the manufacturer. For a company using dozens of these robotic assistants, the losses can quickly escalate, and its leaders may come to see paying a ransom as the lesser evil. That is why hackers are likely to target these newest products of technology in particular.
Rapid security is needed
"Even if we do not interact with robots on a daily basis, they will soon be democratized and companies around the world are deploying robots for different services. If we do not start now to secure the robots, and if more of these robots put into service are easy to hack, the consequences will be very serious," claimed Cerrudo.
This is all the more pressing because the possibilities currently open to cybercriminals are numerous: IOActive researchers spotted more than fifty different vulnerabilities, with various consequences. "Complete interruption, pornographic content on the digital display of the robot, insults, and even violent movements! The infected robot could also be a gateway to the company's internal network, functioning as a backdoor and offering hackers an entry point to steal sensitive data," says Lucas Apa, co-leader of the study.
Manufacturers want reassurance... but fear an epidemic!
For its part, a Softbank spokesman said that the company continued to improve the security of its robots. IOActive is much more pessimistic, doubting that the problem can technically be solved without changing the entire current architecture and design of the robots.
It is as if the history of connected objects were being replayed before us: security researchers point out weaknesses, companies say they are working on it and that we should not worry and, ultimately, epidemics of botnets and ransomware follow.