机器人安全缺陷或被用于攻击主人
安全专家表示,世界上最著名的一些机器人存在监听它们的用户、泄露商业机密,甚至被控制、被用于实施身体攻击的风险。这些专家们警告,机器人很容易遭到网络攻击。
IOActive, a cyber security company, tested 50 robots — including SoftBank Robotics’ childlike Pepper robot and Rethink Robotics’ industrial Baxter robot — and discovered weaknesses that would allow a hacker to manipulate arms and legs and take over microphones and cameras.
网络安全公司IOActive测试了50台机器人,包括软银机器人(SoftBank Robotics)生产的孩子模样的Pepper,以及Rethink Robotics的工业机器人Baxter,结果发现了一些缺陷,黑客可以利用这些缺陷来操纵机器人的手臂和腿,或者控制麦克风和摄像头。
As more robots replace humans in jobs from construction sites to hospitals, with Pepper already being used in stores and homes and Baxter deployed on assembly lines , the impact of a potential cyber attack increases. Spending on robots and related services is set to double to $188bn in 2020, according to data from research firm IDC.
随着越来越多的机器人在从建筑工地到医院的工作岗位上取代人类——Pepper已被用在商店和家庭,Baxter被用在装配线上——潜在网络攻击的影响也将增加。研究公司IDC的数据显示,2020年,机器人及相关服务方面的支出将比现在翻一番,达1880亿美元。
Cesar Cerrudo, chief technology officer for IOActive Labs, which specialises in hunting for flaws in so-called Internet of Things devices, said he was concerned that robots were being connected to the internet with no thought for cyber security.
IOActive LabsIOActive专门致力于寻找物联网设备的缺陷,该机构的首席技术官塞萨尔•塞鲁多(Cesar Cerrudo)表示,他担心人们正将机器人接入互联网而完全没有考虑到网络安全问题。
“Once the robots start to be in every home and many businesses, the motivation to attack them will increase exponentially,” he said. “Since they can move around their surroundings, especially industrial robots, they use a lot of power and can be programmed to do very dangerous movements in real time.”
“一旦机器人开始进入千家万户和许多企业,对它们进行攻击的动机将大为增加,”他说,“由于机器人可以在自己的环境中到处移动,特别是工业机器人,它们要使用很多电力,因此可以通过编程让它们实时地做出非常危险的动作。”
While it found no evidence yet of any cyber attacks on robots, Mr Cerrudo warned that they could be used to cause physical harm or to stall operations.
虽然IOActive尚未发现机器人遭网络攻击的任何证据,但塞鲁多警告称,它们可能被用来造成身体伤害或让某些活动停止。
He said that if one of the flaws that he discovered was used to infect a robot with ransomware, malicious software that shuts down a computer until its recipient pays a ransom, it could damage operations.
他表示,如果有人利用他这次发现的某个缺陷,以勒索软件(一种恶意软件,可以关闭计算机,直到被感染者支付赎金)感染一台机器人,可能导致活动无法正常进行。
“If they start replacing workers with robots, it will be as if someone hacked the company’s employees,” he said. “如果一家公司开始用机器人替换工人,(一旦这些机器人受到黑客攻击)那就好像这家公司的员工受到了黑客攻击,”他说。
IOActive, which has informed robot manufacturers of the flaws, also found serious cyber security problems in robots from other companies including Ubtech Robotics, Robotis, Universal Robots and Sartec Corp.
IOActive已把这些缺陷通报给了机器人生产商。该公司也在优必选科技(UBTech Robotics)、Robotis、优傲机器人(Universal Robots)和Sartec Corp等公司出品的机器人身上发现了严重的网络安全问题。
Universal Robots said it was aware of IOActive’s report and was “investigating the potential vulnerability described and potential countermeasures”.
优傲机器人公司表示,它已了解到IOActive的报告,并且“正在调查报告中描述的潜在薄弱环节,并研究潜在对策”。
Rethink Robotics said it had already addressed some of the issues highlighted by IOActive.
Rethink Robotics公司表示,它已解决了IOActive指出的一些问题。
