In 2017, Lucas Apa and Cesar Cerrudo, security researchers at the consulting firm IOActive, showed that the version 2.5.5 of Pepper could be pirated via its software because of the vulnerabilities discovered when connecting to a network. They demonstrated that the robot could be controlled remotely, its manipulated members and its cameras used to spy on users.
Yet, more than a year later, SoftBank did not correct the software, according to an analysis of its change logs by Mr. Apa. He told the FT that the Japanese conglomerate had told him he could not solve the problem.
He said: “We were very disappointed with this response, but we understand that with any new technology, it is very difficult for manufacturers to get the attention or investment they need.”
Hackers expose the frailty of robots
SoftBank says that users have been asked to maintain the security of the Wi-Fi network and to correctly set the robot’s passwords. “We will continue to improve our security measures on Pepper so that we can deal with all the risks we may face,” says the company.
Pepper is one of many robots tested by Mr. Apa and Mr. Cerrudo last year. They discovered that other software, including those made by UBTech Robotics, Robotics, Universal Robots, Rethink Robotics and Asratec Corp, could also be hacked.
The case was also raised by Bundesnetzagentur, the telecommunications watchdog in Germany, which last year asked parents to destroy talking dolls called Cayla, as hackers could use an unsecured Bluetooth device to reveal personal data.
Cases of robotic piracy are rare – in part because autonomous machines still have to be widely deployed outside controlled areas such as factories, where they are connected to local networks. However, as robots become more powerful, concerns about weak security standards and their weaponry have increased.
Most of the devices currently produced have rudimentary security, and we will have to fix them by building more and more robotic systems, “says Toby Walsh, a professor of computer science at the University of New South Wales. and Research Group Leader at Data61, Australia’s Data Innovation Network
He urges manufacturers to sign a pledge to “not participate in or support the development, manufacture, trade or use of lethal self-sustaining weapons”.
Hackers expose the frailty of robots
Although autonomous weapons are developed separately from industrial or consumer robots, Walsh says the similarities could increase as ordinary robots, such as driverless cars, become more powerful and more common. “Regulators and governments need to intervene because we are developing technologies that sometimes have to be taken off the market, they are so dangerous,” he says.
For companies that build robots, the challenges are significant as hackers become more sophisticated.
“The smarter the technology, the more intelligent hackers become,” says David Hanson, founder of Hanson Robotics, based in Hong Kong. “The more the world becomes automated, the more opportunities there are for malice and calamity.”
He says that Hanson Robotics secures its robots, for example by ensuring that the data is processed on the robot itself rather than on the company’s servers. Apple, the smartphone maker, uses a similar strategy that handles most user data on devices, which it says protects privacy.
The data transferred from Hanson Robotics machines, like its humanoid Sophia, undergo a mathematically irreversible transformation so that they can not be de-anonymous. But Mr. Hanson adds, “It will never be completely safe.”
Some researchers say that autonomous robots are no more dangerous than other machines. They say that fear has been fueled by a misunderstanding about the limits of artificially intelligent machines. Humans are always stronger and more dangerous than most consumer robots and can also be manipulated, says David Wright, head of Deloitte’s Global Commercial Robotics team.
He adds that automation could even reduce the risk of hacking by eliminating unpredictability and human failures. “People can do something off-script, but the bot will only do what it has been programmed to do,” he says.
But skeptics claim that replacing mechanical processes with digital systems has already led to an increase in attacks. Hackers have shown that planes can be controlled by in-flight entertainment systems, while cars have been hacked by software.
According to Harri Valpola, founder of Curious AI, a Finnish start-up, robotics is simply the latest iteration of the hacking process.
“At the time, there was physics,” he says. “Now, more and more controls that humans have are not direct, they go through software – and it’s still possible to hack.”