Research conducted by Kaspersky and Ghent University has found that robots can effectively extract sensitive information from people who trust them, by persuading them to take unsafe actions. For example, in certain scenarios, the presence of a robot can have a big impact on people’s willingness to give out access to secure buildings.
The world is rapidly moving towards increased digitalization and mobility of services, with many industries and households relying strongly on automatization and the use of robotic systems. According to some estimates, the latter will become the norm for wealthy households by 2040. Currently, most of these robotic systems are at the academic research stage and it is too early to discuss how to incorporate cybersecurity measures.
However, research by Kaspersky and Ghent University has found a new and unexpected dimension of risk associated with robotics – the social impact it has on people’s behavior, as well as the potential danger and attack vector this brings.
The research focused on the impact of a specific social robot – one that was designed and programmed to interact with people using human-like channels, such as speech or non-verbal communication, and as many as around 50 participants.
Assuming that social robots can be hacked, and that an attacker had taken control in this scenario, the research envisaged the potential security risks related to the robot actively influencing its users to take certain actions including:
“At the start of the research we examined the software used in robotic system development. Interestingly we found that designers make a conscious decision to exclude security mechanisms and instead focus on the development of comfort and efficiency. However, as the results of our experiment have shown, developers should not forget about security once the research stage is complete,” said Dmitry Galov, security researcher at Kaspersky.
“In addition to the technical considerations there are key aspects to be worried about when it comes to the security of robotics. We hope that our joint project and foray into the field of cybersecurity robotics with colleagues from the University of Ghent will encourage others to follow our example and raise more public and community awareness of the issue,” added Galov.
Tony Belpaeme, professor in AI and robotics at Ghent University, said scientific literature indicates that trust in robots and specifically social robots is real and can be used to persuade people to take action or reveal information.
“In general, the more human-like the robot is, the more it has the power to persuade and convince. Our experiment has shown that this could carry significant security risks: people tend not to consider them, assuming that the robot is benevolent and trustworthy. This provides a potential conduit for malicious attacks and the three case studies discussed in the report are only a fraction of the security risks associated with social robots. This is why it is crucial to collaborate now to understand and address emerging risks and vulnerabilities – it will pay off in the future,” added Belpaeme.