Robots, when left unsecured on the Internet, can expose users across the web, thereby allowing hackers to control them remotely in ways that could be dangerous to both the robot and the human operators, warns a study. It is possible to control these robots remotely — to spy on camera feeds and even send commands to move the robots around, according to a study presented at the 2018 Robotics Science and Systems conference in Pittsburgh, US.
For the study, a team of researchers from Brown University in Rhode Island, US, carried out a worldwide scan in search of hosts running the Robot Operating System (ROS) over three different periods in 2017 and 2018. They found as many as 100 exposed systems running ROS, up to 19 of which were considered to be fully operational robots. The findings are a reminder, the researchers said, that everyone needs to be mindful of security in an increasingly connected digital world.
“Though a few unsecured robots might not seem like a critical issue, our study has shown that a number of research robots is accessible and controllable from the public Internet,” the research team said. “It is likely these robots can be remotely actuated in ways (that are) dangerous to both the robot and the human operators,” they added.
ROS is the dominant platform used in research robotics, which can be thought of like a robot’s central nervous system. The platform aggregates all of a robot’s various components — its cameras, sensors and actuators — and ties them to a central computing node.
“ROS is a great tool for robotics research, but the designers explicitly left security to the end users,” said Stefanie Tellex, a roboticist at Brown University and a study co-author. “It doesn’t require any authentication to connect to a ROS master, which means if you’re running ROS and it’s not behind a firewall, anyone can connect to your robot,” Tellex added.
The researchers said they performed the study to highlight the fact that the security holes in ROS can easily be overlooked.