Robot ransomware is the new nightmare for security experts
Alex Sidorov | 12.03.2018
IncreaseThe researchers modified the robot's software to modify its behavior and demand a ransom (Photo: IOActive Labs)
The researchers modified the robot's software to modify its behavior and demand a ransom (Photo: IOActive Labs)
Ransomware has long been a headache for PC and smartphone users. And in the future, perhaps, robots will stop working until the ransom is paid.
As reported by ZDNet, researchers from security firm IOActive Labs demonstrated at the Kaspersky Security Analyst Summit in Cancun, Mexico, how they hacked one Softbank humanoid robot, NAO, and infected another with custom-made ransomware. The researchers say such attacks would also be effective against the well-known Japanese robot Pepper.
, the robot began to insult its audience and demand that they “feed” it bitcoins so that the systems would return to normal.
While the threat from a miniature robot may italy mobile database funny, if a little scary, the test attack highlighted the risks associated with robot security flaws. “To force a business owner to pay a ransom to a hacker, the robot can be forced to stop working. And since robots are directly involved in manufacturing and service delivery, stopping their work will create financial problems for the business, and they will lose money every minute the robots are down,” said Cesar Cerrudo, chief technology officer at IOActive Labs.
Using previous research to identify vulnerabilities in robots, the researchers were able to inject malicious code into Pepper and NAO robots and run it. They gained complete control over the robots, allowing them to shut them down or change their actions.
Malicious code can be injected into the robot via the Wi-Fi network it is connected to. "The attack can be carried out from a computer or other device connected to the Internet. First, the computer is hacked, and then the robot, since it is connected to the same network as the hacked computer," Cerrudo said.
Unlike computers, robots do not store large amounts of valuable information that a user would be willing to pay a ransom to restore. But since companies often do not have backups to restore systems, if a robot is infected with ransomware, they are unlikely to be able to restore it to normal operation on their own. If they have to wait a long time for a technician to arrive or even return the robot to the manufacturer for restoration, the entrepreneur may consider paying the ransom the lesser evil.