23 Ottobre 2009
Home robots and security
Dato che ieri ho reintrodotto il blog Artificial Intelligence and Robotics ed ora posso quindi glissare sulle presentazioni, approfitto della situazione per condividere con voi un’altra notizia individuata li’ dentro. Tamara Denning, studente di PhD alla Washington University, ha presentato ad Ubicomp 2009 (conferenza internazionale sull’Ubiquitous Computing tenutasi ad Orlando, Florida, nel periodo compreso tra lo scorso 30 settembre ed il 3 ottobre) un interessante paper scritto in collaborazione con altri quattro autori dal titolo A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons.
Il blog menzionato in apertura di post fa un ottimo riassunto dei punti chiave del lavoro. Qui di seguito potete leggere il tutto.
It is obvious to most people that a robot is to a large degree a digital computer on wheels (or legs more recently.) It has sensors and actuators that allow it to observe and manipulate its environment either autonomously or under remote control. Household robots such as the very popular Roomba have sold millions and it is predicted that this number will increase vastly in the coming years. Many if not all of these household robots also come with built-in functionality that allows them to be controlled remotely via an Internet connection; this implies both receiving motion commands and also transmitting sensor data to the remote user’s computer.
We all know that computer security is a major hassle for all computer owners. Literally seconds after a computer is connected to the Internet it comes under attack from hackers trying to gain illegal access and steal personal information or use the machine for other illegal activities. Since household robots today all have on board computers connected to the Internet, it makes sense that hackers might try to obtain control of them. In other words, a hacker could potentially take over your household robot and use it to take photos and video of its unsuspecting owners. If future robots are larger and more dexterous, then a hacker could potentially use it to cause property damage. Household robot security is a serious issue that robot manufacturers have to start thinking about; consumers should also demand that robots are designed to be secure.
Researchers at the University of Washington recently published a paper that presents the results of a study on the security of household robots currently available in the market. They focused on studying the 2008 versions of Robosapien V2, Rovio, and Spykee.
The researchers found a number of vulnerabilities that would allow any savvy hacker to take control of the robots or intercept sensor data transmitted over the Internet. In many cases, the data such as video and audio is transmitted unencrypted which means a man-in-the-middle attack would allow anyone to receive it. In addition, some of the robots allowed remote users to login without encrypting the username and password information allowing hackers to steal both with ease. For what it’s worth, Robosapien V2 was the most secure of robots simply because it does not connect to the Internet; however, it is still vulnerable to attacks by people using off-the-shelve infrared remote controls.
The vulnerabilities identified in this study are disturbing especially if one considers that at any moment someone could be spying on you and/or your children without your knowledge using a device that is to a large degree a harmless toy. The researchers suggest that household robot manufacturers should place more emphasis on security issues in order to protect consumer privacy. The message is clear that whether one considers the basic household robots available in the market today or the much anticipated and more capable future robots, security is a design parameter that should not be second thought for the robot designers.
Se voleste saperne di piu’, l’intero paper e’ scaricabile dalla pagina web della prima autrice, al link: http://www.cs.washington.edu/homes/tdenning/#publications.
