Robot Hacks: China Warns of Fast Exploits

by Priyanka Patel

Robot Security Flaws Leave Commercial Machines Vulnerable to Hackers

Commercial robots are increasingly susceptible to cyberattacks, with experts warning that malicious actors can gain control of these machines in a matter of minutes, potentially causing physical harm.

The robotics industry is facing a critical security crisis and is “riddled with holes,” according to a cybersecurity expert at Darknavy, a research and services firm operating in Singapore and Shanghai. The firm’s findings, revealed on December 17, demonstrate the alarming ease with which hackers can commandeer both quadruped and humanoid robots.

During testing, the Darknavy team successfully took control of a Deep Robotics Lite-series quadruped robot within just one hour by exploiting low-level security issues. Another researcher demonstrated the ability to seize control of a Unitree Robotics humanoid machine in under a minute. In the demonstration, the robot’s indicator light changed from blue to red, the robot stopped responding to its controller, and then, under the researcher’s command, it aggressively advanced toward a reporter, swinging its fist.

The hacking process unfolds in two distinct phases, explained one of the Darknavy researchers. First, a hacker establishes remote access, then bypasses the standard remote controller to directly manipulate the robot’s motor and execution unit. This allows attackers to compel the robot to perform dangerous and potentially damaging actions.

“This is the core of security risks in robots,” the researcher stated. “When network vulnerabilities are combined with real physical execution capabilities, the impact extends beyond the data system.”

While Unitree Robotics established a dedicated security department in the latter half of the year, other major players, including Deep Robotics and EngineAI Robotics Technology, have yet to follow suit.

The existing security gaps are, in part, a consequence of the industry’s rapid development, according to Lin Yipei, a robotics engineer. Approximately 80% of Unitree’s quadrupeds were utilized in scientific research, education, and consumer applications last year. To facilitate debugging and accelerated development, these robots are often equipped with developer-oriented features like remote login and low-level control.

“Those functions are usually turned off in mature mass-produced products, such as cars, to avoid exposure to potential attackers,” Yipei pointed out. “If those functions are abused when robots enter the public domain, it may lead to non-users being able to take control, dramatically increasing safety risks.”

The potential for real-world harm is already evident. A researcher at an unnamed company reported a foot injury sustained from an out-of-control robot. This incident echoes an event at the World Robot Conference in Beijing in August, where a quadruped robot collided with children.

Experts emphasize that achieving true robotic safety requires a comprehensive, multi-layered defense system encompassing models, systems, hardware, and development processes. “Otherwise, attackers often follow the ‘barrel principle’ and break into the system from the weakest link,” noted researcher Xu Zikai, referencing the concept that a system’s capacity is limited by its most vulnerable component – akin to a wooden barrel’s water-holding capacity being determined by its shortest stave.

The findings underscore the urgent need for robust security measures as robots become increasingly integrated into daily life.
