Researchers Turn Cuddly UBTech Alpha 2 Humanoid Robot Into A Demonic Stabbing Machine

Alpha 2 Tomato

There is something eerily frightening about watching a toy robot puncture a tomato with a screwdriver while laughing hysterically to a soundtrack of Chucky, the possessed doll from those cheesy Child's Play horror flicks from the late 1980s into the late 1990s. But that is exactly how security researchers at IOActive decided to demonstrate the potential threat that stems from exploiting robotics.

This was not a legitimate concern in the days of Teddy Ruxpin. Back then, the world was a very different place, both in the home and at the workplace. Today, however, we live in a connected landscape where robotics are increasingly commonplace everywhere you look. To underscore the need for increased security as we become more reliant on machines, IOActive hacked several popular industrial and consumer robots, including UBTech's Alpha 2, billed as the "first humanoid robot for the family."

We are pretty sure we could disarm an Alpha 2 if it was hacked and coming at us with a screwdriver, but that is not the point. IOActive is looking at the bigger picture. Robotics are only going to become more advanced and capable, and without proper safety measures built in, there is the potential to do real harm in the future. The mind goes wild with scenarios that are not all that far fetched.

A more immediate threat perhaps exists in certain workplaces where industrial robotics are in use. Ones that perform dangerous tasks typically operate in isolation, though IOActive says the latest generation of collaborative robots, or cobots, present a "much more interesting attack surface" for hackers. They too are used in dangerous situations.

Is the risk real at this point in time? IOActive audited leading robots in the cobot sector, including those by Baxter/Sawyer from Rethink Robotics and UR by Universal Robots. The security firm found nearly 50 security issues it deemed as being critical. These ran the gamut from authentication issues and insecure transport in their protocols, to memory corruption vulnerabilities and susceptibility to physical attacks. Let that latter one sink in for a moment.

The threat is not limited to larger robots, either. IOActive cities a study by the Control and Robotics Laboratory in Montreal that clearly shows a smaller robot being powerful enough to "seriously harm a person."

"While running at slow speeds, their force is more than sufficient to cause a skull fracture," IOActive notes of the smaller robots that were studied.

IOActive is not advocating against the use of robotics. Instead, the company wants to bring attention to the threats they pose if companies do not take cybersecurity seriously when designing these things.