Lucas and his killer robots. Photo: JW
I’m sure you’ve seen those cute little humanoid robots around? They’re either half size, or quarter size, they look like R2D2, and if you believe the ads, they could play with your kids or hold a screwdriver while you fix something under the sink. Some of them under $1,000. Nice, right?
Well, maybe not. The problem with these robots is that, a lot like everything else connected to the internet, they’re vulnerable to hackers. Lucas Apa, a researcher from ioactive, brought a couple into my office recently to show just how easy it is. These robots connect through wifi so you can control them, but that connection is really easy to hack, he showed. He says there’s very little if any security involved at all. In short, a bad guy could take over control of the robots and make them move, or monitor you — what you’re saying, what you’re doing — and send that back out to people. Or attack you.
To prove it he made one of the robots wander around as if he were drunk, while another, mimicking the ad, jabbed a screwdriver viciously while reciting lines from horror movie doll Chucky. These things, frankly, are scary enough with their unblinking eyes and the way they tilt their head to face you, even if you move. But Chucky’s voice and the screwdriver really freaked me out.
Lucas’ demonstration was just that: this is what could happen, he says, if we allow these things into our home and let kids play with them. He says there’s no evidence so far anyone has actually done this. The scariest thing, though, was that he’d been in touch with the half-dozen manufacturers of these things, some based in the US, some in Asia, for months and for the most part they’d either ignored him or said it wasn’t a problem. I got back to him recently and asked him whether things had improved when he’d gone public . No, he says; the companies that say they’ve addressed the problems haven’t.
For those of us watching the internet of things this is a familiar refrain. There are so many things connecting to the internet these days it’s not surprising that there are problems. There are dozens of devices in a home connecting, or trying to connect, to the wifi network. A senior cybersecurity guy told me he had found a bug in his wifi-connected barbeque that could theoretically have allowed someone to start a fire remotely.
In short. the people making these devices do not treat security as a priority, and indeed may not understand it.
The irony is that these are physical devices, not just computers, and so they could actually do more real-world damage, if not cause us physical harm, than a computer sitting in the corner. Sure, the latter contains credit cards and personal data, but we rely on these connected devices to feed us, carry us, clean us, protect us from intruders.
As Lucas showed with his Chucky-esque robot, this is not something we should be doing without a) thinking hard about how useful this is and b) quizzing the companies — hard — about how secure their devices are. I’m not convinced we’ve really thought this all the way through.