Household robots – a burglar's man on the inside?
Until robots rise up and overthrow their puny human creators, one of the main risks comes from the people using the robots. A new study warns that the current crop of household robots presents a serious safety and privacy risk. They make it all too easy for nefarious types to hijack control of the robots and access valuable data - even giving them the ability to watch and listen in on private conversations, and perform remote reconnaissance on a house.
During the past year, researchers from the University of Washington (UW) have evaluated the security of three consumer-level robots: the WowWee Rovio, a wireless, buglike rolling robot marketed to adults as a home surveillance tool that can be controlled over the Internet and includes a video camera, microphone and speaker; the Erector Spykee, a toy wireless Web-controlled "spy" robot that has a video camera, microphone and speaker; and the WowWee RoboSapien V2, a more dexterous toy robot controlled over short distances using an infrared remote control.
Among the worrying security issues they discovered was that the robots’ presence is easily detected by distinctive messages sent over the home’s wireless network, and that the robots’ audio and video streams can be intercepted on the home's wireless network or, in some cases, captured over the Internet. A malicious person could even gain control of the robots, since usernames and passwords used to access and control the robots aren’t encrypted, except in the case of the Spykee, which only encrypts them when sent over the Internet.
This provides a perfect way for a potential burglar to meticulously plan a burglary - by driving the robot around the house, listening in on conversations and conducting surveillance to see when the house is empty.
The researchers also found that only some robots give an audible or other alert when a user logs on, letting people nearby know that someone new is accessing the data. And only some periodically generate a noise or other signal when stationary, reminding people nearby that the robot is collecting data. Meaning it's all too easy to have your privacy invaded without even realizing it.
Although the risks today are small - due to only low numbers of such robots inside homes - the risk is set to become much more serious as the numbers of household robots, their capabilities, and people’s awareness of them becomes more widespread.
"In the future, people may have multiple robots in the home that are much more capable and sophisticated," says Denning, a UW doctoral student in computer science and engineering, "Security and privacy risks with future household robots will likely be more severe, which is why we need to start addressing robot security and privacy today."
The robots the researchers studied were purchased on or before October 2008, but they believe other robots now on the market offer a similar level of security. They suggested a few simple things owners of household robots can do to significantly increase their security, such as turning on encryption for a home wireless network, and disabling Internet access to the robot's controls. Shoppers for products that combine more advanced technology and wireless capabilities should also look at whether it protects privacy and security when deciding on a purchase.
Researchers said they hope privacy will someday be on buyers' minds when they look at products, and that in the future electronic privacy and security could be included as a category in Consumer Reports and other product reviews.
The research team’s study, A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, can be found here.