Robot Not a Dev? Buy Now
Not a Dev?

Misty Community Forum

Keeping Robots Secure

This research proposes using a decoy robot as part of the security strategy for robots.

Can you think of other preventative measures that can improve security and reduce vulnerability to being hacked for robots that connect to the internet?


I can tell you a list of products (non-robots) that have open telnet ports and no authentication requirements.

I think about robots and their capabilities (and how they can do actual stuff) and imagine scenarios where hackers can access them and quickly it becomes a bad horror movie.

Considering that security still isn’t a mainstream concern overall in the world (and it should), I think it’s really the responsibility of robot manufacturers to force some level of standard encryption at the least. Maybe 2-factor authentication for code changes? Not sure, but it’s going to be a hot topic once the first consumer robot gets hacked.


e2e encryption as a start, since most of the communication could be pub/sub I think of it like how most chat applications work,(example keybase). In terms of data storage its best just to not store anything at all unless you absolutely need it. also I’ve seen some insane hacks at the chip level to mod firmware or get encryption keys ( see this ) so honestly I think the best approach is to come up with a custom protocol, but then thats not very open. so then where does that leave things? how could we have open or common protocols but keep it secure? They honey pot is interesting but the fact that there is a term and research would lead me to suspect that an attacker will take that possibility into consideration when hacking. I’d like to hear other people’s thoughts as well. I don’t have any good answers beyond what could be considered basic security practice. An no I don’t think blockchain can solve this :grin: (maybe hashgraph though :wink: )


Does it make sense for robot manufacturers to standardize on security or security protocols? Or does doing so make it easier to get hacked?

When I buy a new computer, I typically receive 3-6 months of free anti-virus software. After that, it’s up to me to renew the subscription, if I care about protecting myself from trojans, malware, adware, spyware, and viruses. Some consumers choose to outsource the protection of their devices (e.g. phones, laptops) to third-party companies (Kaspersky, Norton, McAfee, etc.) and other consumers choose to take their chances with other means of protection for their personal devices. Should robot manufacturers leave robot security up to the consumer? Who is really responsible for keeping robots secure?

If eventually there is a robot in every home, it seems to me that there will be a lot of money to be made keeping robots secure; robot security seems like a great business opportunity. Do you think that robots will follow in the footsteps of laptops and phones, where a certain level of device protection and security is left in the hands of third-party companies? Will third-party companies emerge that develop software to protect robots and keep them secure?


I wonder if it’s common knowledge among people who use ROS that they are expected to secure their own systems?