While the machine uprising may not be upon us just yet, a group of University of Washington researchers has conducted a study on the various threats to security and privacy that household robots currently on the market could introduce to our homes. While their findings found little to fear in the way of an I, Robot-esque revolt, it turns out common household robots can open a home to various security and privacy threats, mostly via web-enabled features that are supposed to make the robots more useful. To put it briefly: if you can access your camera-equipped household robot remotely via the Internet, so can someone else.
The U of Washington team conducted their study on three of the more common household robots available today, with the goal of looking toward a future when more widely-available, more sophisticated robots take residence in our homes. While it all sounds a bit sci-fi, think about the many ways you can already remotely interact with objects inside your home. Both TiVo and Slingbox let you control your television’s DVR from afar, and many homes allow residents to control the lighting, air conditioning, and even door locks without being physically present. Implementation of the smart grid will only increase this remote control capacity. While the idea that some malicious hacker would break into your DVR to cancel your weekly recording of Gossip Girl sounds far-fetched, factor in a mobile robot equipped with camera, microphone, and “hands,” and the scenario becomes a bit more frightening.
Using WowWee’s RoboSapienV2 and Rovio as well as the Erektor Spykee, the U of W team tested for vulnerabilities that could make the robots a threat to privacy or security. Unfortunately, they found several. To pare it down, it is relatively easy for a hacker to remotely identify a robot within a home simply by scanning the digital air for packets of information robots periodically leak as part of their communication with wireless networks. Once located, it is child’s play for a hacker to hijack the username and password used to access the robot. From there a third-party could actively take control of the ‘bot’s mobility, or just passively monitor the video and audio feeds being transmitted.
Due to current technological limitations, the physical damage these particular robots could do is minimal, though they provide a conduit for a third-party to have eyes and ears inside of one’s home. A person with ill intentions could turn a tool you use to keep an eye on the kids when they’re home alone to a tool for finding out when you’re not there. Or where the spare key is. Or whatever, there’s numberless scenarios that could play out, some benign and some creepy. The point is, the more we integrate our lives with technology, the more we open ourselves to technological vulnerabilities.
As the U of W report shows, as our technology becomes more sophisticated, so do the threats. Their recommendations: think about what vulnerabilities a household robot could bring into your home, and if you still must have the technology, do absolutely everything you can to secure it.
In the meantime, don’t turn your back on your Roomba.