This is sufficient for scientists to gain control of this humanoid robot and use it for mass compromise as an agent. This was demonstrated at GEEKCON in Shanghai. This vulnerability demonstrated is so dangerous that a compromised device can hack other devices around it and carry out malicious tasks together as a team without involving humans. This is a clear warning to specialists in this technological field and also to designers of this robot that this vulnerability of voice recognition can also become an entry point for takeover.
The attack, developed by Qu Shipei and Xu Zikai of DARKNAVY, hinged on exploiting the robot’s voice interaction interface. Once the verbal trigger was issued, the robot granted control privileges, allowing the researchers to inject malicious instructions. From there, near-field wireless communication was used to propagate the compromise to other robots, creating a synchronized network of hostile devices. In their live demonstration, a domestically produced humanoid robot retailing at $14,200 was transformed into a “mobile spy” that physically struck a mannequin before silently infecting offline units in proximity.
This particular bug can be seen in a pattern of problems related to humanoid robots. The authentication system in the voice commands can potentially bypass authentication or security systems because the encryption used can bypass other insecure communication channels initialized elsewhere. In other faulty bugs like the Unitree BLE, the attacker used hardcoded encryption keys and was able to gain direct root access, making it easy for the worms to spread between other robot units. The units can perform arbitrary code, turn off firmware update notifications, and steal private information without the user’s knowledge or consent.
On a technological level, such attacks can benefit from chained vulnerabilities. In the GEEKCON malware, voice-control access was the entry-point attack vector. In other systems, BLE provisionings are where malicious data may be introduced into the Wi-Fi setup procedure. Without deterministic encryption schemes such as Blowfish in basic mode with universal keys in place, such as in the attack scenario, or if the TLS certification check has been Disabled, attackers can either tap into or impersonate trusted services. This in turn offers different stages of lateral movements depending on its internal communications from DDS/RTPS data messaging between sensors and actuators, into cloud MQTT, up to WebRTC.
The spread of malware for autonomic systems would not depend solely on software attacks. After all, as soon as a humanoid robot is compromised, it means that all its sensors and actuators are vulnerable to hacking in order to facilitate espionage or acts of sabotage. From the observation by Alias Robotics for Unitree G1, there is an endless flow of illegal uploads of telemetries to servers in mainland China. These include graphic images from its cameras, audio material from its microphones and spatial maps from its environment.
The trafficking of all such information goes against all privacy laws and may bring about several crises of espionage on a corporate or national level. Additionally, its AI-powered intrusion toolkit may be set to do reconnaissance and exploitation work. Now, machine learning-based IDSs for networked robots are being developed as an imperative response to the threat. Traditional security systems lack the capability to handle the rapidly changing nature of robots that incorporate sophisticated software systems, sensor configurations, and rapid networking.
Machine learning-based security systems have the ability to monitor robots for indications of abnormal behavior such as an unintended trigger response to voice control command or unusual networking pattern activity to quickly respond to an attack. However, the geopolitical aspect becomes even more pressing. China’s manufacturing competency in humanoid robots, coupled with the strategic emphasis on automation, means that the presence of a problem in these two aspects can be explosive on a global scale. It is predicted that by the year 2060, there would be billions of humanoid robots that are adjusted into society, with some having contact with human beings.
However, the problem, accordingly, becomes that the robots that are created do not only pose a physical threat but also pose a digital threat. The take-home lesson for robotics engineers, therefore, becomes that each and every interface, whether for the voice recognition component or the BLE configuration, becomes an aspect that robotics engineers must examine for the purpose of determining whether the component can be utilized as an attack surface.
However, the lesson for the cybersecurity engineers becomes the daunting task of developing a defense that must account for domain/cyber-physical exploits. On the other hand, the lesson for the technology world becomes that the threat that can come from an army of humanoid robots, in this era of humanoid robotics, becomes that the threat can be encapsulated into merely one word.
