Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

09:00 AM
Connect Directly

What Happens When You Hold Robots for Ransom?

Researchers explore why an attacker would target robots with ransomware, and the implications of what might happen if they did.

Robots are in our homes, businesses, schools, and industrial facilities. They're builders and service workers, healthcare attendants and customer assistants. As robots continue to proliferate in our lives and human-robot interactions grow, so does the potential for cyberattacks.

The rise of robots is driving new attack vectors and threat scenarios — for example, a robot-targeted ransomware attack. IOActive experts this week conducted the first-ever ransomware attack on robots at the 2018 Kaspersky Security Analyst Summit, following extensive research on the key elements needed for an attack like this and the implications that would result if hackers were successful.

Lucas Apa, an IOActive senior security consultant, and IOActive Labs CTO Cesar Cerrudo have long explored robot security. Last year, the two disclosed about 50 flaws in popular robots and robot-control software used in businesses, homes, and industrial sites. Attackers could abuse these to remotely control a robot, infiltrate networks, steal data, and cause physical harm.

Their latest research explores post-exploitation techniques that ransomware attacks could use to disrupt businesses and force payment. "We decided to expand over our previous research, mainly because we realized ransomware could be used to get an actual profit," Apa explains.

Traditional endpoints commonly store information, which is why data has always been the primary target in ransomware campaigns. Robots are different; they handle different types of data but aren't typically used to store it. Payment data, video feeds, and audio are all examples of sensitive information that robots process but don't store internally.

Apa and Cerrudo were curious whether this data could be targeted with ransomware. The team built a proof-of-concept (PoC) ransomware to stage an attack on Softbank's NAO, a research and education robot with 10,000 in use worldwide. Their PoC attack also works on Pepper, which has nearly the same operating system and vulnerabilities as the NAO robot. The researchers note this attack is possible "on almost any robot" in a blog post detailing their findings.

Someone could deploy ransomware by exploiting an undocumented function that allows remote command execution. The flaw was reported to Softbank and is being disclosed today. As of this writing, there is no fix available. From there, an attacker could infect module files to change the robot's default operations, disable admin features, monitor video and audio, and send data to a command-and-control server.

This infection could spread among robots connected to the same internal network, even if they're not on the Internet, says Cerrudo. If a robot is running the same operating system as a desktop machine, there is potential for an infection to spread from one to the other.

"An attacker can execute commands and modify certain behaviors of the robot," he explains. "If this is done on a high scale on company robots, which could be in the hundreds … this could affect an entire group of robots."

The Potential for Damage
The implications of robot ransomware are broad and dangerous. An attacker could completely interrupt service by shutting robots down, display offensive content on the robot's screen, or perform violent movements and even cause harm to workers. Instead of targeting data, attackers could target software to make the robot non-operational until the victim pays up.

There are several reasons businesses might pay the ransom in these cases. For starters, robots are expensive. Even the most basic enterprise robots cost about $10,000, Apa notes. Most businesses would rather pay attackers than deal with the hassle of fixing a dead robot.

"It creates a huge problem," says Cerrudo. "Once a robot has been compromised with ransomware, you have to send it away to fix it or employ a special technician to fix the problem. It could take a few days or many weeks."

And for robots used in the enterprise, time is money. Every second the robot is not working causes financial loss, whether it's from lost revenue, production costs, or repair costs.

Both Apa and Cerrudo anticipate the risk of robot ransomware will grow as businesses become increasingly dependent on them to build products and offer services. Attackers can exploit them to do more than steal data, driving the consequences of ransomware.

While the ultimate fix is for vendors to build more-secure robots, the researchers urge businesses to take precautions when deploying these machines in the enterprise. "Make sure the robot has security protections, authentication, and encryption, and it's not an easy target," says Apa. "Research has shown most commercially available robots are insecure."

Related Content:


Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the Interop ITX 2018 agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
User Rank: Apprentice
3/13/2018 | 7:29:10 PM
About the Security Of the Anyones System Who Used Windows Or Any Other Operating System Like Linux, Unix.....
There are so many users who used The Robot or Trojan to hack The someone information or the identification information for misused and they give an extra headache to protect your system, You have to use The antivirus there are so many software in the market but here the  Avira Customer Support always Provide The good solution and Trusted user satisfaction. 


User Rank: Apprentice
11/14/2018 | 12:36:44 AM
Re: About the Security Of the Anyones System Who Used Windows Or Any Other Operating System Like Linux, Unix.....
Here is a great article for those of you who might have had slightly unrealistic expectations from this. If you have any particular issues related to the printer offline windows 10  you can firmly go through the  https://goo.gl/4ie3UH and It will be really helpful. Hope for you too.
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.