Story image

Security experts demonstrate that ransomware attacks on robots are possible

13 Mar 18

Researchers at security firm IOActive managed to conduct what might be the world’s first ransomware attack on robots last week – a method that if used in the wild could disrupt the booming robotics market.

The robotics spending market is expected to reach $230.7 billion by 2021 according to IDC, and robots already play a significant part in the industrial manufacturing, automotive and other industries.

IOActive researchers Cesar Cerrudo and Lucas Apa say that ransomware was typically about targeting information in exchange for money in the past, but as the interaction between robots and humans evolve the attack scenarios will also evolve.

“It’s no secret that ransomware attacks have become a preferred method for cybercriminals to get monetary profit by encrypting victim information and requiring a ransom to get the information back,” comments Apa.

The team decided to conduct a proof-of-concept ransomware attack on the commercially-available Petter and NAO robots, both of which use the same operating system and are developed by SoftBank Robotics. The company has sold more than 30,000 robots to date.

They injected custom code into behaviour file classes, which altered the robots’ behaviours to be malicious.

“Possible malicious behavior on an infected robot includes complete interruptions in service, pornographic content on the robot display, the use of curse words, even doing violent movements. The infected robot could also be an entryway into other internal networks at a business, offering backdoor access to hackers and an entry point for layer penetration to steal sensitive data.”

Apa says the results were ‘astonishing’.

“Ransomware attacks could be used against business owners to interrupt their businesses and coerce them into paying ransom to recover their valuable assets. The robots could also malfunction which may take weeks to return them to operational status. Unfortunately, every second a robot is non-operational, businesses and factories are losing lots of money.”

IOActive informed Softbank of its findings in January 2017, however they are not aware of any fix for the problem.

Last year the research duo found approximately 50 vulnerabilities in robots from various vendors. Attackers could potentially use the vulnerabilities to spy via the robot’s microphone and camera, leak data or cause serious harm.

“Even though our proof of concept ransomware impacted SoftBank’s NAO and Pepper robots, the same attack could be possible on almost any vulnerable robot," Apa says.

"Robot vendors should improve security as well as the restore and update mechanisms of their robots to minimise the ransomware threat. If robot vendors don’t act quickly, ransomware attacks on robots could cripple businesses worldwide,” Apa concludes.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Verifi takes spot in Deloitte Asia Pacific Fast 500
"An increasing amount of companies captured by New Zealand’s Anti-Money laundering legislation are realising that an electronic identity verification solution can streamline their customer onboarding."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.