They call it Herb2. It’s a dapper robot, wearing a bowtie even while it sits at home in its lab at the University of Washington. Its head is a camera, which it cranes up and down, taking in the view of a dimly lit corner where two computer monitors sit.
All perfectly normal stuff for a robot—until the machine speaks: “Hello from the hackers.”
Clear across the country at Brown University, researchers have compromised Herb2. They’ve shown how they can scan for internet-connected research robots in labs and take command—with the blessing of the robot's owners at the University of Washington, of course.
“We could read the camera, essentially spying,” says roboticist Stefanie Tellex. “We could see where its arms were and they were moving. There was a text-to-speak API so we could have the robot mysteriously talk to you.”
The researchers looked specifically at the Robot Operating System, or ROS, a favorite in robotics labs. Really, the name of it is a bit misleading—it’s more middleware that runs on top of something like Linux. But if you’ve got something like a Baxter research robot, you can use ROS to get the thing to do science. Maybe you want to teach it to manipulate objects, for instance.
So the researchers went a-hunting for robots running ROS that were hooked up to the internet, knowing that the operating system doesn’t come with security built in. Usually, that’s OK, because researchers tend to keep the things on their own secure networks, not a public one like the internet. “When we started work on ROS over 10 years ago we explicitly excluded security features from the design,” says Brian Gerkey, CEO of Open Robotics. “We wanted the system to be as flexible and as easy to use as possible and we didn't want to invent our own security mechanisms and potentially get them wrong.”
But if you connect your ROS-loaded robot to the internet, someone is liable to find it and get in. The Brown researchers used a tool called ZMap to do a scan of nearly 4 billion internet addresses. “What ZMap can do is send a package to every single host on the internet on a certain port and it will see if it gets a response back,” says security researcher Nicholas DeMarinis, of Brown. Different ports handle different services—web traffic is either 80 or 443, for instance, and ROS is on port 11311. “So if we ping every host on port 11311 and we get a response back, that might be something running ROS.”
They ended up finding over 100 instances of ROS, of which about 10 percent were actual robots (others were things like robots running in simulation, not the real world). That might not seem like much, but then again, research robots aren’t typically sitting around powered up and ready to be found all day. “Most people in the research community, they're turning the robot on and then working for a while and then turning it off,” says Tellex. And the researchers only did a few scans over the course of a few months, lest they overwhelm networks and piss people off. “We suspect that if you were scanning at a higher frequency, if we were doing a scan every week, you would find many more robots.”
The robots they did find they could characterize by looking at identifiers associated with a machine’s hardware. So something like “camera_info” would suggest the robot has a camera, and “joint_trajectory” would suggest that it has arms to move. Even more specifically, you might expect “gripper” to signal that the robot has hands. The real giveaway, though? Robots have unmistakable names. “You see the name Baxter, for one,” says DeMarinis. Mystery solved.
For obvious ethical reasons, the researchers didn’t just take control of someone’s robot and roll it around the room—they notified the owners of vulnerable machines instead. Save for Herb2, of course, whose owners gave the blessing to manipulate.
So why hook up a robot to the internet at all? For one, researchers might want remote access to their robots. Just ask the people running this experiment, who found their own robot in the scan. “That was how our Baxter was exposed,” says DeMarinis. “We had enabled remote access and then it wasn't taken down.” The lesson here? If you are going to hook up your robot to the internet, maybe consider a firewall or VPN. The next version of ROS, Gerkey adds, will indeed incorporate robust security.
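A local check for the exposure described above, as an added example that is not part of the original article: run on the robot's own host, it parses `ss -ltn` output and reports how port 11311 is bound. The sample output, function names and category labels are constructed for illustration.

```python
import ipaddress

ROS_MASTER_PORT = 11311  # port the article gives for ROS

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       128     0.0.0.0:11311        0.0.0.0:*
LISTEN  0       128     [::1]:11311          [::]:*
LISTEN  0       128     192.168.1.20:11311   0.0.0.0:*
"""

def classify_bind(addr):
    """Label a listen address: wildcard, loopback, private or public."""
    host = addr.split("%")[0]          # drop an interface/scope suffix
    if host in ("*", "0.0.0.0", "::"):
        return "wildcard"              # bound on every interface
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"               # LAN only, unless forwarded
    return "public"

def audit_ros_listeners(ss_output, port=ROS_MASTER_PORT):
    """Return (address, label) for each listener on the given port."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                   # header or non-listening row
        addr, _, lport = fields[3].rpartition(":")
        if lport != str(port):
            continue
        addr = addr.strip("[]")        # ss brackets IPv6 addresses
        findings.append((addr, classify_bind(addr)))
    return findings

def needs_firewall_review(findings):
    """Binds that rely entirely on a firewall or VPN to stay private."""
    return [addr for addr, label in findings
            if label in ("wildcard", "public")]

if __name__ == "__main__":
    for addr, label in audit_ros_listeners(SAMPLE_SS):
        print(f"{addr}:{ROS_MASTER_PORT} -> {label}")
```

A wildcard or public bind is not proof of internet exposure, only a sign that nothing on the host itself limits who can connect.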
“No one's really thinking about security on these types of things,” says computer scientist George Clark, who researches robotics and cybersecurity at the University of South Alabama. “Everyone's just putting things out there trying to rush to market, especially in a research type of environment. My worry is how this carries over to a more industrial or consumer market.”
But what are the odds that ROS, as an early robotics platform, will bleed into future home or industrial robots or even self-driving cars? “I would put the odds at almost a certainty,” says computer scientist Severin Kacianka of the Technical University of Munich. “I know for a fact that car companies are very much looking into ROS and deploying it in their cars. Of course they want to add some security modifications.”
Which would be the responsible thing to do. But not all robot manufacturers will be so sensible. So the conscious decision by the designers of a foundational robotics system like ROS to exclude security considerations could trouble the industry. “Nothing makes a security professional shiver as much, or get as frustrated, along the lines of, ‘We're going to consciously exclude security from a fundamental platform,’” says Mark Nunnikhoven, vice president of cloud research at security firm Trend Micro, which has studied robot security. “Because we know from example after example that security is best built in from day one, rather than bolting it on.”
It’s worth noting that ROS isn't fundamentally busted—in fact, it's proved an invaluable tool for roboticists. And this is not just a question of ROS. Not every manufacturer is going to give a damn about securing their robot if it means winning the race to market, regardless of the platform they’re using. Let’s hope “Hello from the hackers” doesn’t turn into a household phrase.