Industrial hack can turn powerful machines into killer robots

When we imagine the existential threat to humanity posed by automation, we usually think of the negative impact on the workforce, not robots quite literally bludgeoning us to death.

In a post titled “Exploiting Industrial Collaborative Robots,” security researchers at IOActive detail how popular models of consumer and industrial robots have already been compromised in ways that could cause humans bodily harm. The study examines a class of collaborative robots designed to work together with their human counterparts, often in industrial settings.

IOActive’s research focuses specifically on a set of unpatched vulnerabilities affecting the UR line of robots, made by Universal Robots, including “authentication issues in many of the control protocols, susceptibility to physical attacks, memory corruption vulnerabilities, and insecure communication transport.” The team disclosed the concerns to the company in January 2016, published a video on the exploits in July and has now detailed its method in depth in the blog post.

The hack, which targets a buffer overflow vulnerability, disables key safety measures put in place to ensure that the robots can work peaceably alongside their human counterparts. While the programming limits the physical parameters of what the industrial robots can and can’t do, hacks like the one demonstrated here allow these limits to be broken. The result could be dangerous, even catastrophic, for nearby human workers. As the study explains, “… Even the smaller UR5 model is powerful enough to seriously harm a person. While running at slow speeds, their force is more than sufficient to cause a skull fracture.”

According to documentation from Universal Robots, these concerns are well known. The risks include:

  • Penetration of skin by sharp edges and sharp points on tools or tool connectors

  • Penetration of skin by sharp edges and sharp points on obstacles near the robot track

  • Bruising due to stroke from the robot

  • Sprain or bone fracture due to strokes between a heavy payload and a hard surface

  • Mistakes due to unauthorized changes to the safety configuration parameters

Yikes. And these robots are already deployed and in use around the globe. Another video by IOActive demonstrates how Softbank’s NAO and Pepper robots are vulnerable to an exploit that could turn them into spying devices, collecting unencrypted video and audio data and transmitting it remotely.

In July, the company published research on how hoverboards, humanity’s other looming existential threat, are also trying to kill us.