A group of world-renowned AI and robotics specialists has urged the UN to prevent these technologies being repurpozed into autonomous weapons, as new research from IOActive claims current industrial and commercial robots could already be considered a major insider threat.
The open letter includes signatories such as Tesla founder Elon Musk and cautions that “lethal autonomous weapons threaten to become the third revolution in warfare.”
It continues:
“Once developed, they will permit armed conflict to be fought at a scale greater than ever, and at timescales faster than humans can comprehend. These can be weapons of terror, weapons that despots and terrorists use against innocent populations, and weapons hacked to behave in undesirable ways. We do not have long to act. Once this Pandora’s box is opened, it will be hard to close. We therefore implore the High Contracting Parties to find a way to protect us all from these dangers.”
IOActive principal security consultant, Lucas Apa, told Infosecurity that it’s not just robots in the defense industry that people should be worried about, but the ones in homes and factories.
That’s because the research firm has just released an update to research released earlier this year which discovered around 50 vulnerabilities in six of the biggest robotics manufacturers, including SoftBank Robotics, UBTech and Universal Robots.
These could be exploited to steal sensitive corporate information, spy on users or even launch physical attacks.
Some of the vulnerabilities discovered included data sent unencrypted; no, or easy-to-bypass, authentication; insufficient authorization to protect key functionality; weak cryptography; weak default configurations and weak open source frameworks and libraries.
So-called “cobots” built by Universal Robotics could be hacked remotely to bypass in-built safety features, causing potentially fatal harm to their human colleagues on the factory floor.
Those used in the home or in commercial environments like SoftBank’s popular Pepper robot, could be hacked to do the same, said IOActive.
In fact, Pepper, of which tens of thousands of units have been sold worldwide, could also be hacked to capture and leak audio and video. This is what IOActive means when it describes robots as the next potential 'insider threat'.
“Companies, IT teams and end-users should be aware of the possible risks and threats robots can introduce if they are insecure. On top of this knowledge, education on security comes second for everyone in their organization, with training not only for engineers and developers, but also for executives and all others involved in product decisions,” explained Apa.
“Developers, engineers and product managers should learn at least the foundations of security best practices, and adapt them to their development life-cycle. Furthermore, vendors should have a clear communication channel for reporting security issues and handling reports, we expect more security research to be done in the future on this field so they should get ready.”