Robots often left unsecured on internet can be controlled by hacker, says study
Researchers from Brown University in the US ran a worldwide scan in search of hosts running the Robot Operating System (ROS), a popular research robotics platform.
During the scans, which were performed over three different periods in 2017 and 2018, they found as many as 100 exposed systems running ROS, up to 19 of which were considered to be fully operational robots.
"It is likely these robots can be remotely actuated in ways that are dangerous to both the robot and the human operators," they said.
The findings are a reminder that everyone needs to be mindful of security in an increasingly connected digital world, researchers said.
ROS is the dominant platform used in research robotics.
It can be thought of like a robot's central nervous system. The platform aggregates all of a robot's various components - its cameras, sensors, and actuators - and ties them to a central computing node.
Through an external computer and a network connection, an operator connects to the central node to give commands to the robot.
"ROS is a great tool for robotics research, but the designers explicitly left security to the end users," said Stefanie Tellex, a roboticist at Brown.
Researchers set out to find out how many robots running ROS might be out there and accessible via the internet. They performed the scan on three different occasions and found around 100 exposed systems running ROS.
One of the robots detected turned out to be in the lab of one of Tellex’s collaborators, Siddhartha Srinivasa, a computer science professor at the University of Washington.
To find out if it were actually possible to take control of a robot remotely, Tellex contacted Srinivasa and asked his team to leave some of the robot's functions online for a test.
Tellex showed that she could access the robot's camera, move its neck and even make the robot speak using a ROS speech function.
That kind of access can be dangerous, researchers said.
"These robots can potentially be moved in ways endangers to the robot, as well as to the people operating the robot," Tellex said.
Securing these robots is not particularly difficult, researchers said.
They just need to be running behind a firewall or on a virtual private network. However, that requires users to be mindful of security, and the researchers hope this study will encourage people to be just that.
(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)