
3/10/2018
09:00 AM

What Happens When You Hold Robots for Ransom?

Researchers explore why an attacker would target robots with ransomware, and the implications of what might happen if they did.

Robots are in our homes, businesses, schools, and industrial facilities. They're builders and service workers, healthcare attendants and customer assistants. As robots continue to proliferate in our lives and human-robot interactions grow, so does the potential for cyberattacks.

The rise of robots is driving new attack vectors and threat scenarios — for example, a robot-targeted ransomware attack. IOActive experts this week conducted the first-ever ransomware attack on robots at the 2018 Kaspersky Security Analyst Summit, following extensive research on the key elements needed for an attack like this and the implications that would result if hackers were successful.

Lucas Apa, an IOActive senior security consultant, and IOActive Labs CTO Cesar Cerrudo have long explored robot security. Last year, the two disclosed about 50 flaws in popular robots and robot-control software used in businesses, homes, and industrial sites. Attackers could abuse these to remotely control a robot, infiltrate networks, steal data, and cause physical harm.

Their latest research explores post-exploitation techniques that ransomware attacks could use to disrupt businesses and force payment. "We decided to expand over our previous research, mainly because we realized ransomware could be used to get an actual profit," Apa explains.

Traditional endpoints commonly store information, which is why data has always been the primary target in ransomware campaigns. Robots are different; they handle different types of data but aren't typically used to store it. Payment data, video feeds, and audio are all examples of sensitive information that robots process but don't store internally.

Apa and Cerrudo were curious whether this data could be targeted with ransomware. The team built a proof-of-concept (PoC) ransomware to stage an attack on Softbank's NAO, a research and education robot with 10,000 in use worldwide. Their PoC attack also works on Pepper, which has nearly the same operating system and vulnerabilities as the NAO robot. In a blog post detailing their findings, the researchers note this attack is possible "on almost any robot."

An attacker could deploy ransomware by exploiting an undocumented function that allows remote command execution. The flaw was reported to Softbank and is being disclosed today. As of this writing, there is no fix available. Once able to execute commands, an attacker could infect module files to change the robot's default operations, disable admin features, monitor video and audio, and send data to a command-and-control server.

This infection could spread among robots connected to the same internal network, even if they're not on the Internet, says Cerrudo. If a robot is running the same operating system as a desktop machine, there is potential for an infection to spread from one to the other.

"An attacker can execute commands and modify certain behaviors of the robot," he explains. "If this is done on a high scale on company robots, which could be in the hundreds … this could affect an entire group of robots."

The Potential for Damage

The implications of robot ransomware are broad and dangerous. An attacker could completely interrupt service by shutting robots down, display offensive content on the robot's screen, or perform violent movements and even cause harm to workers. Instead of targeting data, attackers could target software to make the robot non-operational until the victim pays up.

There are several reasons businesses might pay the ransom in these cases. For starters, robots are expensive. Even the most basic enterprise robots cost about $10,000, Apa notes. Most businesses would rather pay attackers than deal with the hassle of fixing a dead robot.

"It creates a huge problem," says Cerrudo. "Once a robot has been compromised with ransomware, you have to send it away to fix it or employ a special technician to fix the problem. It could take a few days or many weeks."

And for robots used in the enterprise, time is money. Every second the robot is not working causes financial loss, whether it's from lost revenue, production costs, or repair costs.

Both Apa and Cerrudo anticipate the risk of robot ransomware will grow as businesses become increasingly dependent on robots to build products and offer services. Attackers can exploit robots to do more than steal data, which raises the consequences of ransomware.

While the ultimate fix is for vendors to build more-secure robots, the researchers urge businesses to take precautions when deploying these machines in the enterprise. "Make sure the robot has security protections, authentication, and encryption, and it's not an easy target," says Apa. "Research has shown most commercially available robots are insecure."


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
