Ransomware, the act of demanding money by locking
down devices and files, is not only a threat on phones or computers.
It's coming for robots, too.
Watch Video:- https://money.cnn.com/2018/03/09/technology/robots-ransomware/index.html
Researchers at
security firm IOActive have successfully conducted a ransomware attack
on a SoftBank Robotics NAO humanoid robot.
Designed for schools and businesses, NAO and its more popular sibling
Pepper are robots equipped with microphones and cameras. They're
typically used in classrooms, retail stores, and offices for customer
assistance.
After installing ransomware on the robot, the
security firm was able to get it to demand bitcoin. The researchers
could modify system files and the robot's behavior, such as
forcing it to say threatening messages.
The team also noted a hacked robot's potential ability to steal stored
data, say curse words, or display controversial content such as
pornography if it has a screen.
"Ransomware for robots is a real threat with potentially huge economic
implications for businesses -- even more than regular ransomware," the
researchers wrote in a report published Friday.
Related: Why ransomware costs small businesses big money
As robots become increasingly commonplace, from smart speakers like
Amazon Echo to manufacturing plants, it's a reminder of the threats that
could disrupt our lives.
In IOActive's case, the ransomware
installation required the same Wi-Fi network as the robot. This means
the hack had to take place nearby; if a robot is connected to a retail
store's public internet, a hacker would need access to its Wi-Fi network
to compromise the device.
The experiment followed IOActive's
work last year that discovered 50 vulnerabilities in robots manufactured
by a number of vendors, including SoftBank Robotics. To further their
research, IOActive created a proof-of-concept ransomware attack on the
NAO robot. Because it was developed in a similar way, the attack would
also likely work on Pepper.
IOActive said researchers alerted
SoftBank Robotics to the security issues in January 2017, but the
company has not yet fixed the flaws.
"When in use of Pepper, we
ask to maintain the wifi network security, and also to set the robot
passwords correctly. We will continue to improve our security measures
on Pepper, so we can counter any risks we may face," the firm said in a
statement.
The researchers said fixing a robot controlled by
ransomware requires a specialized technician. A robot owner might have
to send the robot back to the vendor for repairs, which could be costly.
The financial cost of general ransomware on businesses is significant.
Small businesses
can lose hundreds thousands of dollars and days of productivity due to
disruptions in their services. At large corporations, the cost can be
even higher.
Last year, the WannaCry ransomware attack
shut down hospitals in the UK, which were forced to turn patients away due to computer issues. The malware also
infected a Honda plant in Japan and disrupted vehicle production.
Although the IOActive research didn't harm a business or consumer, it's
an example of the potential issues of robots and connected devices. The
more gadgets become a part of the so-called Internet of Things (IoT) --
which includes products like internet-connected lightbulbs, smart TVs
and speakers -- the more opportunities hackers have to conduct
cyberattacks.
"Robots are IoT on steroids," said Cesar Cerrudo,
CTO at IOActive. "And the impact of ransomware is much bigger, as it
directly affects business production and services."
CNNMoney (San Francisco) First published March 9, 2018: 9:03 AM ET