Vulnerabilities / Threats

3/10/2018
09:00 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

What Happens When You Hold Robots for Ransom?

Researchers explore why an attacker would target robots with ransomware, and the implications of what might happen if they did.

Robots are in our homes, businesses, schools, and industrial facilities. They're builders and service workers, healthcare attendants and customer assistants. As robots continue to proliferate in our lives and human-robot interactions grow, so does the potential for cyberattacks.

The rise of robots is driving new attack vectors and threat scenarios — for example, a robot-targeted ransomware attack. IOActive experts this week conducted the first-ever ransomware attack on robots at the 2018 Kaspersky Security Analyst Summit, following extensive research on the key elements needed for an attack like this and the implications that would result if hackers were successful.

Lucas Apa, an IOActive senior security consultant, and IOActive Labs CTO Cesar Cerrudo have long explored robot security. Last year, the two disclosed about 50 flaws in popular robots and robot-control software used in businesses, homes, and industrial sites. Attackers could abuse these to remotely control a robot, infiltrate networks, steal data, and cause physical harm.

Their latest research explores post-exploitation techniques that ransomware attacks could use to disrupt businesses and force payment. "We decided to expand over our previous research, mainly because we realized ransomware could be used to get an actual profit," Apa explains.

Traditional endpoints commonly store information, which is why data has always been the primary target in ransomware campaigns. Robots are different; they handle different types of data but aren't typically used to store it. Payment data, video feeds, and audio are all examples of sensitive information that robots process but don't store internally.

Apa and Cerrudo were curious whether this data could be targeted with ransomware. The team built a proof-of-concept (PoC) ransomware to stage an attack on Softbank's NAO, a research and education robot with 10,000 in use worldwide. Their PoC attack also works on Pepper, which has nearly the same operating system and vulnerabilities as the NAO robot. The researchers note this attack is possible "on almost any robot" in a blog post detailing their findings.

Someone could deploy ransomware by exploiting an undocumented function that allows remote command execution. The flaw was reported to Softbank and is being disclosed today. As of this writing, there is no fix available. From there, an attacker could infect module files to change the robot's default operations, disable admin features, monitor video and audio, and send data to a command-and-control server.

This infection could spread among robots connected to the same internal network, even if they're not on the Internet, says Cerrudo. If a robot is running the same operating system as a desktop machine, there is potential for an infection to spread from one to the other.

"An attacker can execute commands and modify certain behaviors of the robot," he explains. "If this is done on a high scale on company robots, which could be in the hundreds … this could affect an entire group of robots."

The Potential for Damage
The implications of robot ransomware are broad and dangerous. An attacker could completely interrupt service by shutting robots down, display offensive content on the robot's screen, or perform violent movements and even cause harm to workers. Instead of targeting data, attackers could target software to make the robot non-operational until the victim pays up.

There are several reasons businesses might pay the ransom in these cases. For starters, robots are expensive. Even the most basic enterprise robots cost about $10,000, Apa notes. Most businesses would rather pay attackers than deal with the hassle of fixing a dead robot.

"It creates a huge problem," says Cerrudo. "Once a robot has been compromised with ransomware, you have to send it away to fix it or employ a special technician to fix the problem. It could take a few days or many weeks."

And for robots used in the enterprise, time is money. Every second the robot is not working causes financial loss, whether it's from lost revenue, production costs, or repair costs.

Both Apa and Cerrudo anticipate the risk of robot ransomware will grow as businesses become increasingly dependent on them to build products and offer services. Attackers can exploit them to do more than steal data, driving the consequences of ransomware.

While the ultimate fix is for vendors to build more-secure robots, the researchers urge businesses to take precautions when deploying these machines in the enterprise. "Make sure the robot has security protections, authentication, and encryption, and it's not an easy target," says Apa. "Research has shown most commercially available robots are insecure."

Related Content:

 

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the Interop ITX 2018 agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MarjorJ597
50%
50%
MarjorJ597,
User Rank: Apprentice
3/13/2018 | 7:29:10 PM
About the Security Of the Anyones System Who Used Windows Or Any Other Operating System Like Linux, Unix.....
There are so many users who used The Robot or Trojan to hack The someone information or the identification information for misused and they give an extra headache to protect your system, You have to use The antivirus there are so many software in the market but here the  Avira Customer Support always Provide The good solution and Trusted user satisfaction. 

 

Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2018
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12294
PUBLISHED: 2018-06-19
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
CVE-2018-12519
PUBLISHED: 2018-06-19
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
CVE-2018-12588
PUBLISHED: 2018-06-19
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-1 before 3.1.1-2 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the S...
CVE-2018-10811
PUBLISHED: 2018-06-19
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVE-2018-10945
PUBLISHED: 2018-06-19
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.