
A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons

A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons. Tamara Denning, Cynthia Matuszek, Karl Koscher, Joshua R. Smith and Tadayoshi Kohno. Introducing. From left to right: WowWee RoboSapien V2, WowWee Rovio, Erector Spykee. Capabilities.



  1. A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons Tamara Denning, Cynthia Matuszek, Karl Koscher, Joshua R. Smith and Tadayoshi Kohno.

  2. Introducing... From left to right: WowWee RoboSapien V2, WowWee Rovio, Erector Spykee

  3. Capabilities. Prices correct as of late 2008.

  4. Visibility
     • Rovio: Visible to local attacker by SSID, MAC address. Visible to remote attacker by unique http interface, port 80 query.
     • Spykee: Visible to local attacker by SSID, MAC address. Visible to remote attacker by keep alive packets, port 9001 control request.
     • RoboSapien: Not visible.

  5. Vulnerabilities
     Rovio
     • Passive adversary can intercept unencoded username and password
     • Audiovisual stream does not require password even when enabled
     • WEP support only, though WPA added in patch
     Spykee
     • Co-located mode sends credentials in the clear
     • Video stream unencrypted
     • Remote access more difficult, Diffie-Hellman key exchange vulnerable to MITM
     • WEP and WPA

  6. Vulnerabilities
     RoboSapien
     • Vulnerable to off-the-shelf controller and IR repeater
     • Compromised computer with IR port
     • Universal remote control with 802.11 wireless
     • Other compromised robots with IR transmitters
     • Other remote attacks possible, e.g. buffer overflow...

  7. Attacks
     • Privacy
     • Security
     • Vandalism
     • Psychological

  8. Design Questions
     • What is the intended function of the robot?
     • How mobile is the robot?
     • What sensors does the robot possess?
     • What actuators does the robot possess?
     • What communication protocols does the robot support?
     • Who are the intended users of the robot?
     • What is the robot’s intended operational environment?
     • Besides the intended users of the robot, what other people (and animals) will be in the robot’s environment?
     • What kind of development processes are in place?

  9. Design Questions
     • Does the robot create new or amplify existing privacy vulnerabilities?
     • Does the robot create new or amplify existing physical integrity vulnerabilities?
     • Does the robot create new or amplify existing physical safety vulnerabilities?
     • Does the robot create new or amplify existing psychological vulnerabilities?
     • Can the robot be combined with other robots or technologies to facilitate an attack?

  10. What else? What steps need we take to prevent these issues in future?
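Slide 5 notes that a Diffie-Hellman key exchange is vulnerable to MITM. The sketch below is an added example, not code from the presentation or from any of the robots: it shows why an unauthenticated exchange cannot notice substituted public values, and how a MAC over each public value catches the substitution. The toy prime, the pre-shared pairing secret `PSK` and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy prime, constructed for this demo; far too small for real use
G = 3
PSK = b"constructed-pairing-secret"   # assumption: secret shared at setup time

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

def tag(role, pub):
    # Binds the public value to the sender's role so a tag cannot be reflected.
    return hmac.new(PSK, role + b"|" + str(pub).encode(), hashlib.sha256).digest()

def run_exchange(authenticated, on_path_substitution):
    r_priv, r_pub = keypair()      # robot
    c_priv, c_pub = keypair()      # client
    m_priv, m_pub = keypair()      # on-path party, who does not know PSK
    to_client = (r_pub, tag(b"robot", r_pub))
    to_robot = (c_pub, tag(b"client", c_pub))
    if on_path_substitution:
        # Public values are replaced in flight; the original tags are all the
        # on-path party can forward.
        to_client = (m_pub, to_client[1])
        to_robot = (m_pub, to_robot[1])
    if authenticated:
        ok = (hmac.compare_digest(tag(b"robot", to_client[0]), to_client[1])
              and hmac.compare_digest(tag(b"client", to_robot[0]), to_robot[1]))
        if not ok:
            return {"accepted": False}
    robot_key = session_key(r_priv, to_robot[0])
    client_key = session_key(c_priv, to_client[0])
    return {
        "accepted": True,
        "endpoints_agree": robot_key == client_key,
        "third_party_has_robot_key": session_key(m_priv, r_pub) == robot_key,
        "third_party_has_client_key": session_key(m_priv, c_pub) == client_key,
    }

if __name__ == "__main__":
    for auth in (False, True):
        for sub in (False, True):
            print(auth, sub, run_exchange(auth, sub))
```

Without authentication both endpoints accept the exchange even though they no longer share a key with each other; with the tag check the same substitution is rejected before any session key is derived.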
