A ransomware attack similar to the WannaCry hack, which crippled parts of the NHS, could leave robots paralysed and thousands of businesses at the mercy of hackers, security experts have warned.
Traditionally, ransomware encrypts data, but it could also be used to hold a robot’s functionality to ransom, rendering the robot useless, professional hackers from IOActive have told the 2018 Kaspersky Security Analyst Summit (SAS) in Mexico.
“It’s no secret that ransomware attacks have become a preferred method for cyber criminals to get monetary profit by encrypting victim information and requiring a ransom to get the information back,” said senior security researcher Lucas Apa.
He found that the behaviour of a robot could be shifted by entering custom code into a behaviour file. In a video demo, a retail robot switched from being helpful and polite to being malicious and demanding the cryptocurrency Bitcoin.
“We decided to conduct a proof-of-concept ransomware attack on the NAO robot, leveraging vulnerabilities we uncovered in our prior research in 2017,” Apa added.
“What we found was pretty astonishing: Ransomware attacks could be used against business owners to interrupt their businesses and coerce them into paying ransom to recover their valuable assets.”
In May 2017 the WannaCry ransomware, which locked users out of their computer systems until a Bitcoin ransom was paid, struck businesses in more than 150 countries around the world, including the NHS.
As a result of the attack, which shut down systems at hospitals across the country, ambulances were redirected and many services were forced to operate on an emergency-only basis.
Apa and IOActive chief technical officer Cesar Cerrudo conducted the robot ransomware attack on commercially available Pepper and NAO robots, developed by SoftBank Robotics. They have alerted the firm to the findings.