Will Robo-Helpers Help Themselves to Your Data?


Over the coming years, organizations will experience growing disruption as threats from the digital world have an impact on the physical. Invasive technologies will be adopted across both industrial and consumer markets, creating an increasingly turbulent and unpredictable security environment. The requirement for a flexible approach to security and resilience will be crucial as a hybrid threat environment emerges.

While robots may seem like the perfect helpers, by 2022, the Information Security Forum (ISF) anticipates that a range of robotic devices, developed to perform a growing number of both mundane and complex human tasks, will be deployed in organizations and homes around the world. Friendly-faced, innocently-branded, and loaded with a selection of cameras and sensors, these constantly connected devices will roam freely. Poorly secured robo-helpers will be weaponized by attackers, committing acts of corporate espionage and stealing intellectual property. Attackers will exploit robo-helpers to target the most vulnerable members of society, such as the elderly or sick at home, in care homes or hospitals, resulting in reputational damage for both manufacturers and corporate users.

Organizations will be caught unawares as compromised robo-helpers such as autonomous vacuum cleaners, remote telepresence devices and miniature delivery vehicles roam unattended and unmonitored. The potential for these invasive machines to steal intellectual property and corporate secrets through a range of onboard cameras and sensors will become a significant concern. Organizations developing and using care-bots, a type of robo-helper designed for healthcare, will face significant financial and reputational damage when vulnerable individuals suffer emotional, physical, psychological and financial harm when care-bots are compromised.

This proliferation of robo-helpers into the home, offices, factories and hospitals will provide attackers with a range of opportunities to make financial gains and cause operational damage. Nation states and competitors will target robo-helpers that have access to sensitive areas in order to steal critical information. Organized criminal groups and hackers will also use manipulative techniques to frighten and coerce individuals into sending money or giving up sensitive information.

Imagine this scenario: the building maintenance division of a large pharmaceutical organization decides to replace its staff at the research and development (R&D) site with a range of outsourced, automated robots. These robo-helpers carry out building maintenance and sanitation operations in place of their human counterparts. Each unit is fitted with cameras and sensors and requires network connectivity in order to operate. Shortly after their deployment, details of an early phase experimental drug trial are leaked to the media.

Are you sure that your robo-helpers are secure?

What is the Justification for This Threat?

The extent to which robo-helpers are adopted and used, especially in homes and office spaces, currently differs significantly depending on geography and culture. Japan, China and South Korea, amongst other Asian nations, are typically more accepting of robots, whereas Western nations are currently less so. Robo-helpers are particularly seen in a positive light in Japan, with The International Federation of Robotics attributing the cultural influence of the Japanese religion of Shinto – where both people and objects are believed to possess a spirit – as a key enabler for the high rate of robotics adoption in Japan. China, the US and Japan are currently the biggest exporters of robots in the world, with overall growth expected to increase worldwide.

There is a growing acceptance of robots in the home and workplace, which may indicate that organizations are ready to accelerate the rate of robo-helper adoption. In offices and homes, a growing number of semi-autonomous robo-helpers are due to hit global consumer markets as early as 2020, all built with a range of networked cameras and sensors. As with poorly secured IoT devices that are constantly connected to an organization’s network, a security flaw or vulnerability in a robo-helper will further broaden attack surfaces, presenting yet another access point for attackers to exploit.

Robotics have been used in manufacturing for decades, but as they become more popular these robo-helpers will perform a greater range of tasks, giving them access to a wealth of sensitive data and locations. In the education sector robots will soon be used in schools, with developers in Silicon Valley creating robo-helpers for teachers that can scan students’ facial expressions and provide one-to-one support for logical subjects such as languages and mathematics. In healthcare there have also been breakthroughs – in November 2019 the world’s first brain aneurysm surgery using a robo-helper was completed, demonstrating that robot-assisted procedures enhance flexibility, control and precision.

As these robots gain greater autonomy and perform a greater number of surgeries over time, the need to secure them will become ever more urgent. In logistics, delivery-bots have seen significant investment and improvement, now using onboard cameras and sensors to navigate difficult terrain and unfamiliar environments.

Robo-helpers will make their way into the lives of more vulnerable individuals in care homes, schools and community centers and people will increasingly feel comfortable sharing sensitive information about their lives with them. Attackers will realize this, aiming to exploit these non-tech-savvy members of society into transferring funds or giving up sensitive information. Organizations developing these products or using them in their business will face serious reputational damage, as well as legal and financial repercussions when their customers become victims.

With the proliferation of robo-helpers across a growing number of countries and into a greater number of industries and homes, the opportunities for attackers to compromise individuals and organizations that use them will be alarming.

How Should Your Organization Prepare?

Organizations using robo-helpers in their business, or providing them to others, should ensure that devices are properly protected against attacks and cannot be used to compromise the privacy and rights of customers.

In the short term, organizations should restrict robo-helper access to sensitive locations. We recommend that they segregate access and monitor traffic between robo-helpers and the corporate network and ensure that robo-helpers using cameras and sensors comply with data protection regulations. Finally, dispose of robo-helpers securely.

In the long term, gain assurance over robo-helpers used in the organization and limit the capabilities of robo-helpers to ensure that ethical norms are not breached. Monitor specific robo-helpers for signs of fraudulent or dangerous activities and provide training and awareness around appropriate use and behaviors.

About the author: Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.

Copyright 2010 Respective Author at Infosec Island via Infosec Island Latest Articles "https://ift.tt/3ieyYBW"

Comments

Post a Comment

Popular posts from this blog

Evernote cuts staff as user growth stalls

Image
Note-taking app Evernote has fallen on hard times of late, culminating in its latest spate of job cuts impacting 15 percent of its workforce (54 employees). CEO Chris O' Neil -- an ex-Googler who took the reins in 2015 -- announced the firings at an all-hands meeting earlier today, reports TechCrunch . In a message on the Evernote blog , O' Neill admitted he'd set "incredibly aggressive goals" for the company in 2018. He continued: "Going forward, we are streamlining certain functions, like sales, so we can continue to speed up and scale others, like product development and engineering." The layoffs follow an exec exodus just weeks ago and the company's recent brand refresh (complete with a refined logo and wordmark). But critics are more concerned about its product, especially the free tier, which they claim lacks the perks to
Read more

The best air conditioner

Image
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Read more

We won't see a 'universal' vape oil cartridge anytime soon

Image
Pre-loaded cartridges of cannabis concentrate are currently among the most popular means of consumption, and for good reason. They're discreet to use and easy to handle, a far cry from the dark days of 2016 when we had to dribble hash oil or load wax into narrow-mouthed vape pens by hand. But, frustratingly, an ever increasing number of oil cartridge manufacturers employ one-off design standards so that their products won't work with those of their competitors, thereby locking customers into proprietary ecosystems. We've already seen this with nicotine vaporizers -- which has a seen a massive rise in "pod systems" in the last few years, each outfitted with a unique canister and battery built to be incompatible with those of their competition. Is it too late for the burgeoning cannabis industry to set a universal standard for their product designs?
Read more