What nightmares run on: Robots are vulnerable to ransomware too
Robots may become the new vehicle for ransomware, according to an IOActive report. In lieu of encrypting data, hackers could exploit the software operating robots in exchange for a ransom. By doing so, the infected robot becomes non-operational until the ransom is paid. Working robots, like SoftBank's Pepper, could heavily cost a company if its robots were non-operational for long periods of time.
IOActive constructed a proof of concept ransomware to exploit a robot's "undocumented function that allows remote command execution," according to IOActive. A hacker must "infect *.so module files" to disable administrative features, change the robot's root password and "disrupt factory reset mechanism[s]." Hackers then need to tell the command and control server of the infection and infect the files where custom code, or the code used to "execute" actions, is stored.
As of right now, most robots on the market don't have a fix, a patch for the flaw or a quick factory reset. Instead, owners of a potentially compromisable robot need to send it back to the manufacturer, which extends the period of time the robot is non-operational.
Robots have an increased presence in everyday technology and hackers could take note. In 2017, IOActive found about 50 flaws in robots from varying vendors.
Hackers could exploit those vulnerabilities to spy through a robot's microphone or camera, steal data or even cause "physical harm," according to the report.
Traditional ransomware targets and encrypts a victim's data. But ransomware for robots encrypts and blocks the software they run on, stalling a robot's functionality. When a potential victim is faced with paying a ransom or losing operational capabilities, they will likely choose the payment option, particularly if they don't have backups in place.
Cybercrimes are already costing companies up to $2.4 million per attack but ransomware executed via robots may be even more costly. Because companies are increasing their reliance on robots, rendering them non-operational could take a toll on almost all aspects of a business: IT, supply chain, customer assistance, etc.
Ransomware execution is increasing in effectiveness and frequency. Experts agree that ransomware distributed through drive-by downloads with self-propagating properties is maturing.
- IOActive Robots Want Bitcoins too!
Follow Samantha Ann Schwartz on Twitter