Ransomware attacks on robots could soon be a reality

March 29, 2018 11:16 am Roisin Mooney

As robots become more prevalent in our everyday lives, including in homes, schools and businesses, so too does the risk of vulnerabilities and security breaches grow, with IOActive finding around 50 vulnerabilities in robots in 2017. Despite this, robots have thus far managed to avoid a ransomware attack – that is, until now.

At the 2018 Kaspersky Security Analyst Summit (SAS) earlier this month in Mexico, researchers Lucas Apa and Cesar Cerrudo from IOActive, a security company headquartered in Seattle, spoke about how they successfully hacked the NAO robot and made it demand a ransom in Bitcoin, refusing to work until the ransom was paid.

In this experiment, installing the ransomware required access to the same Wi-Fi network as the robot, meaning that the attack had to take place nearby. In the video demo, the robot is helpful and polite until the researchers enter the code, after which it turns malicious and demands payment in the cryptocurrency Bitcoin.

The researchers said the same attack would also work on NAO’s sister robot, Pepper. Equipped with microphones and cameras, NAO and Pepper are two of the most used robots in schools, businesses and retail stores, where they provide assistance.

Although the research conducted by IOActive didn’t harm a business or individual, it does highlight the potential security risks of robots and connected devices. “Ransomware for robots is a real threat with potentially huge economic implications for businesses – even more than regular ransomware”.

Lack of security in robots could wreak havoc in organisations. If such an attack did occur, it could impose a major financial burden on the organisation, as every minute that a robot spends demanding ransom instead of working means a loss of productivity. “If it’s one robot then it could take less time, but if there are dozens or more, every second they aren’t working, the business is losing money,” said Cerrudo, speaking to ZDNet.

Moreover, once a malfunction occurs, the time before it is resolved can be significant: it can take weeks for a robot to return to operational status. Because of this, organisations may find it less expensive to pay the ransom and give in to the demand.

As businesses across the world increasingly deploy robots in their everyday operations, robots will soon become mainstream, and IOActive stress the importance of making them secure. “While we don’t see robots every day, they’re going mainstream soon, businesses worldwide are deploying robots for different services. If we don’t start making robots secure now, if more get out there which are easily hacked, there are very serious consequences”.