That Cool Robot May Be a Security Risk

Mar 1, 2017

By John Markoff

In the coming age of robotics, many of those autonomous machines will be internet-connected and mobile.

What could possibly go wrong?

Significant security flaws were found in an examination of six home and industrial robots, according to a report to be released Wednesday by IOActive, a computer security consulting firm with headquarters in Seattle. The report notes that only four of the six companies responded to the firm’s alert, and only two said they planned to make patches after being informed of the problems.

The researchers, who described the categories of vulnerabilities they had discovered in the report but not the specific flaws, said their research was simply an early reconnaissance of the field.

“It’s important to note that our testing was not even a deep, extensive security audit, as that would have taken a much larger investment of time and resources,” the authors wrote. “The goal for this work was to gain a high-level sense of how insecure today’s robots are, which we accomplished.”

Continue reading by clicking the name of the source below.

2 comments on “That Cool Robot May Be a Security Risk

  • Mark #1
    Mar 2, 2017 at 7:55 am

    I think poor cyber security is leaving many things from children’s toys and smart household appliances, to industrial production machines and nuclear power-stations, open to hacking!

    An open database containing links to more than 2 million voice messages recorded on cuddly toys has been discovered, cybersecurity researcher Troy Hunt has revealed.

    The messages were created by owners of CloudPets soft toys.

    At one point, the data was even held to ransom, Mr Hunt says.

    The animals are advertised as being toys that enable people to record and send greetings via a phone app and the toy itself.

    The creatures are marketed as cuddly devices to connect children to working parents or grandparents.

    They are currently on sale for a heavily discounted £6 in UK children’s store The Entertainer but are listed at $29.99 on the CloudPets US website.

    In a statement, California-based Spiral Toys, which makes the animals, said it was notified about a potential breach in February and “took immediate and swift action”.

    “When we were informed of the potential security breach we carried out an internal investigation and immediately invalidated all current customer passwords to ensure that no information could be accessed.

    “To our best knowledge, we cannot detect any breach on our message and image data, as all data leaked was password encrypted.”

    It added that it is now requiring users to choose “new, increased security passwords” and has sent out emails informing customers of the potential compromised login data.

    There appeared to be around 820,000 accounts visible.

    Both Mr Hunt and British security researcher Ken Munro said the toy showed similar vulnerabilities to the Cayla doll, an internet-connected toy that was found to be easily breached and could even be hacked to spy on its owners.

    Report abuse

Leave a Reply

View our comment policy.