Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

09:00 AM
Connect Directly

What Happens When You Hold Robots for Ransom?

Researchers explore why an attacker would target robots with ransomware, and the implications of what might happen if they did.

Robots are in our homes, businesses, schools, and industrial facilities. They're builders and service workers, healthcare attendants and customer assistants. As robots continue to proliferate in our lives and human-robot interactions grow, so does the potential for cyberattacks.

The rise of robots is driving new attack vectors and threat scenarios — for example, a robot-targeted ransomware attack. IOActive experts this week conducted the first-ever ransomware attack on robots at the 2018 Kaspersky Security Analyst Summit, following extensive research on the key elements needed for an attack like this and the implications that would result if hackers were successful.

Lucas Apa, an IOActive senior security consultant, and IOActive Labs CTO Cesar Cerrudo have long explored robot security. Last year, the two disclosed about 50 flaws in popular robots and robot-control software used in businesses, homes, and industrial sites. Attackers could abuse these to remotely control a robot, infiltrate networks, steal data, and cause physical harm.

Their latest research explores post-exploitation techniques that ransomware attacks could use to disrupt businesses and force payment. "We decided to expand over our previous research, mainly because we realized ransomware could be used to get an actual profit," Apa explains.

Traditional endpoints commonly store information, which is why data has always been the primary target in ransomware campaigns. Robots are different; they handle different types of data but aren't typically used to store it. Payment data, video feeds, and audio are all examples of sensitive information that robots process but don't store internally.

Apa and Cerrudo were curious whether this data could be targeted with ransomware. The team built a proof-of-concept (PoC) ransomware to stage an attack on Softbank's NAO, a research and education robot with 10,000 in use worldwide. Their PoC attack also works on Pepper, which has nearly the same operating system and vulnerabilities as the NAO robot. The researchers note this attack is possible "on almost any robot" in a blog post detailing their findings.

Someone could deploy ransomware by exploiting an undocumented function that allows remote command execution. The flaw was reported to Softbank and is being disclosed today. As of this writing, there is no fix available. From there, an attacker could infect module files to change the robot's default operations, disable admin features, monitor video and audio, and send data to a command-and-control server.

This infection could spread among robots connected to the same internal network, even if they're not on the Internet, says Cerrudo. If a robot is running the same operating system as a desktop machine, there is potential for an infection to spread from one to the other.

"An attacker can execute commands and modify certain behaviors of the robot," he explains. "If this is done on a high scale on company robots, which could be in the hundreds … this could affect an entire group of robots."

The Potential for Damage
The implications of robot ransomware are broad and dangerous. An attacker could completely interrupt service by shutting robots down, display offensive content on the robot's screen, or perform violent movements and even cause harm to workers. Instead of targeting data, attackers could target software to make the robot non-operational until the victim pays up.

There are several reasons businesses might pay the ransom in these cases. For starters, robots are expensive. Even the most basic enterprise robots cost about $10,000, Apa notes. Most businesses would rather pay attackers than deal with the hassle of fixing a dead robot.

"It creates a huge problem," says Cerrudo. "Once a robot has been compromised with ransomware, you have to send it away to fix it or employ a special technician to fix the problem. It could take a few days or many weeks."

And for robots used in the enterprise, time is money. Every second the robot is not working causes financial loss, whether it's from lost revenue, production costs, or repair costs.

Both Apa and Cerrudo anticipate the risk of robot ransomware will grow as businesses become increasingly dependent on them to build products and offer services. Attackers can exploit them to do more than steal data, driving the consequences of ransomware.

While the ultimate fix is for vendors to build more-secure robots, the researchers urge businesses to take precautions when deploying these machines in the enterprise. "Make sure the robot has security protections, authentication, and encryption, and it's not an easy target," says Apa. "Research has shown most commercially available robots are insecure."

Related Content:


Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the Interop ITX 2018 agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/14/2018 | 12:36:44 AM
Re: About the Security Of the Anyones System Who Used Windows Or Any Other Operating System Like Linux, Unix.....
Here is a great article for those of you who might have had slightly unrealistic expectations from this. If you have any particular issues related to the printer offline windows 10  you can firmly go through the  https://goo.gl/4ie3UH and It will be really helpful. Hope for you too.
User Rank: Apprentice
3/13/2018 | 7:29:10 PM
About the Security Of the Anyones System Who Used Windows Or Any Other Operating System Like Linux, Unix.....
There are so many users who used The Robot or Trojan to hack The someone information or the identification information for misused and they give an extra headache to protect your system, You have to use The antivirus there are so many software in the market but here the  Avira Customer Support always Provide The good solution and Trusted user satisfaction. 


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, Kroll,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-26
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.
PUBLISHED: 2020-10-26
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application usi...
PUBLISHED: 2020-10-26
Ruckus through is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
PUBLISHED: 2020-10-26
Ruckus vRioT through has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
PUBLISHED: 2020-10-26
In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variable]. The problem has been patched in version ...