Many experimental robots that live in research laboratories around the world may be wide open to hackers.
Researchers at Brown University, led by Stefanie Tellex, scanned the internet for machines running ROS, a popular open-source operating system used on many research robots. Tellex and her team discovered more than a hundred systems vulnerable to being accessed and even manipulated over the internet. Not a huge number—but a warning for the research community, Tellex says.
These systems could present a juicy target for online mischief makers, Tellex says, simply because it would be fun, and cool, to take control of a real live robot. But it isn’t inconceivable that state-sponsored hackers might also go after them, in order to steal data, disrupt research, or cause accidents.
The issue isn't due to any security flaws or oversights in the design of ROS. Users are simply expected to secure their own systems. But without due care, the situation could get worse in the future. “As robotics becomes more advanced and spread out around the world, it’s important that we make sure these systems are fielded in a secure way,” Tellex says.
The Brown researchers tried taking control of one robot, a machine at the University of Washington, with the permission of its owners. They showed that they could read the robot’s sensors and move it around.
They even found one vulnerable machine in their own lab. This was so that another research group, at MIT, could remotely operate the robot using virtual reality. “But we should’ve taken it offline after we were done,” Tellex says.
Robots have been common at university research labs for decades. These machines are becoming ever more sophisticated, and researchers are exploring many ideas that involve connecting robotic systems over a network, for purposes including tele-operation and allowing one robot to share what it has learned with another system—an approach known as “cloud robotics” (see “Robots that teach each other”).
ROS, which stands for Robotic Operating System, has been a boon to robotics researchers over the past few years. It provides a standard platform for programming different hardware and a growing array of packages that give robots new capabilities. These includes libraries and algorithms for vision, navigation, manipulation, and so on.
ROS has been also been adopted by startups developing novel robotic systems including self-driving cars, warehouse helpers, and delivery bots. Industrial engineers tend to take security a lot more seriously, but internet connectivity inevitably creates new vectors for hackers (see “Botnets of things”).
“When we started work on ROS over 10 years ago, we wanted the system to be as flexible and as easy to use as possible,” says Brian Gerkey, CEO of Open Robotics, the foundation behind ROS. “As the authors of this paper note, users of ROS should take care to secure their ROS systems at the network level.”
Gerkey notes that Open Robotics is currently working on a 2.0 version of the software that will be more secure. The foundation has also announced the creation of a new, security-focused version of the operating system, called SROS (Secure ROS).
Artificial intelligence is creating a new colonial world order
An MIT Technology Review series investigates how AI is enriching a powerful few by dispossessing communities that have been dispossessed before.
Meta has built a massive new language AI—and it’s giving it away for free
Facebook’s parent company is inviting researchers to pore over and pick apart the flaws in its version of GPT-3
This horse-riding astronaut is a milestone in AI’s journey to make sense of the world
OpenAI’s latest picture-making AI is amazing—but raises questions about what we mean by intelligence.
How the AI industry profits from catastrophe
As the demand for data labeling exploded, an economic catastrophe turned Venezuela into ground zero for a new model of labor exploitation.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.