Research
robots sometimes left unsecured on the internet, study finds
Robotics
researchers wouldn’t dream of leaving the door unlocked when they leave the lab
for night, but a new study shows that research robots are often left exposed in
another way: unsecured on the internet.
A team of Brown
University researchers recently ran a worldwide scan in search of hosts running
the Robot Operating System (ROS), a popular research robotics platform.
During the scans, which were performed over three different periods in 2017 and 2018, they found as many as 100 exposed systems running ROS, up to 19 of which were considered to be fully operational robots.
The researchers showed that it’s possible to control these robots remotely — to spy on camera feeds and even send commands to move the robots around.
During the scans, which were performed over three different periods in 2017 and 2018, they found as many as 100 exposed systems running ROS, up to 19 of which were considered to be fully operational robots.
The researchers showed that it’s possible to control these robots remotely — to spy on camera feeds and even send commands to move the robots around.
“Though a few unsecured robots might not seem like a critical issue, our study has shown that a number of research robots is accessible and controllable from the public Internet,” writes the research team.
“It is likely these robots can be remotely actuated in ways [that are] dangerous to both the robot and the human operators.”
The findings are a
reminder, the researchers say, that everyone needs to be mindful of security in
an increasingly connected digital world.
The research was
presented in June as part of the Adversarial Robotics Workshop at the “2018
Robotics: Science and Systems” conference in Pittsburgh. ]
ROS is the dominant
platform used in research robotics. It can be thought of like a robot’s central
nervous system. The platform aggregates all of a robot’s various components —
its cameras, sensors and actuators — and ties them to a central computing node.
Through an external computer and a network connection, an operator connects to the central node to give commands to the robot.
Through an external computer and a network connection, an operator connects to the central node to give commands to the robot.
“ROS is a great tool
for robotics research, but the designers explicitly left security to the end
users,” said Stefanie Tellex, a roboticist at Brown and a study
co-author.
“It doesn't require any authentication to connect to a ROS master, which means if you're running ROS and it's not behind a firewall, anyone can connect to your robot.”
“It doesn't require any authentication to connect to a ROS master, which means if you're running ROS and it's not behind a firewall, anyone can connect to your robot.”
That got Tellex and
her Brown robotics colleague George Konidaris wondering how many robots running
ROS might be out there and accessible via the internet.
To find out, they turned to two other Brown colleagues, security expert Vasileios Kemerlis and network expert Rodrigo Fonseca.
To find out, they turned to two other Brown colleagues, security expert Vasileios Kemerlis and network expert Rodrigo Fonseca.
“Our group has the
ability to basically do a worldwide scan of the internet,” Fonseca said. “So we
started thinking about ways we could scan for ROS devices in a way that
wouldn’t be disruptive, but would give us an idea what’s out there.”
Nicholas DeMarinis, a
graduate student who works with Fonseca, led the scanning procedure. The
researchers sent queries to more than four billion IP addresses worldwide,
looking for programs running on the TCP (transfer communication protocol) port
that ROS normally uses.
Once they had a list of IP addresses that responded on that port, they sent passive ROS commands to determine if the program on the other end was indeed ROS.
Once they had a list of IP addresses that responded on that port, they sent passive ROS commands to determine if the program on the other end was indeed ROS.
The researchers
performed the scan on three different occasions and found around 100 exposed
systems running ROS.
Since ROS is also used for virtual robots in simulated environments and other applications that aren’t necessarily complete robots, the researchers looked at each ROS instance to determine which ones were likely to be real robots.
They found 19 robots on their first scan and around a dozen each on the next two scans. The team contacted the owners of all the detected robots and other ROS instances to let the researchers and network administrators know their systems were exposed.
Since ROS is also used for virtual robots in simulated environments and other applications that aren’t necessarily complete robots, the researchers looked at each ROS instance to determine which ones were likely to be real robots.
They found 19 robots on their first scan and around a dozen each on the next two scans. The team contacted the owners of all the detected robots and other ROS instances to let the researchers and network administrators know their systems were exposed.
One of the robots
detected turned out to be in the lab of one of Tellex’s
collaborators, Siddhartha Srinivasa, a computer science professor at the
University of Washington.
To find out if it were actually possible to take control of a robot remotely, Tellex contacted Srinivasa and asked his team to leave some of the robot’s functions online for a test. Tellex showed that she could indeed access the robot’s camera, move its neck and even make the robot speak using a ROS speech function.
To find out if it were actually possible to take control of a robot remotely, Tellex contacted Srinivasa and asked his team to leave some of the robot’s functions online for a test. Tellex showed that she could indeed access the robot’s camera, move its neck and even make the robot speak using a ROS speech function.
That kind of access
can be dangerous, the researchers say.
“These robots can
potentially be moved in ways endangers to the robot, as well as to the people
operating the robot,” Tellex said.
“This is very timely
and important work by Stefanie and her team, and we are honored to
collaborate,” Srinivasa said.
“As scientists, we are deeply committed to understand and mitigate the security risks of emerging technologies we create. At U.W., we have been working together with security experts to create safe artificial intelligence, and this work further emphasizes the need for such interdisciplinary collaborations.”
“As scientists, we are deeply committed to understand and mitigate the security risks of emerging technologies we create. At U.W., we have been working together with security experts to create safe artificial intelligence, and this work further emphasizes the need for such interdisciplinary collaborations.”
The researchers say
they performed the study not to point the finger at any individual labs, but to
underscore the fact that the security holes in ROS can easily be overlooked.
In fact, one of the robots found during the scans was on Tellex’s own lab. They had put it on the internet for an external demonstration and simply forgot to lock it back down.
In fact, one of the robots found during the scans was on Tellex’s own lab. They had put it on the internet for an external demonstration and simply forgot to lock it back down.
The good news is that
securing these robots isn’t particularly difficult. They just need to be
running behind a firewall or on a virtual private network. But that requires
users to be mindful of security, and the researchers hope this study will
encourage people to be just that.
They also hope the work might encourage security monitoring services like Shodanto start doing their own scans for ROS.
They also hope the work might encourage security monitoring services like Shodanto start doing their own scans for ROS.
“When you have
software written without security in mind coupled with people not thinking
about security, that’s a dangerous combination,” Fonseca said. “We can think of
this in the larger context of the Internet of Things, where we need to think
about security in all stages of a product, from the development and upgrade
cycle to the way in which users deploy the devices.”
