Skip to main content

A game of dangerous dominos: the threat of IoT security to robotics

(Image credit: Image source: Shutterstock/everything possible)

2019 will be a pivotal year for robotics, with the likes of healthcare and agriculture adopting automation at all levels of the business. Rapid advancements last year, including the first ever eye operation by a robot at John Radcliffe Hospital, show just how far trust in the technology has come. And our relationship with machines will only become more nuanced as autonomous vehicles and drones incorporate ethical decisions into their interactions with humans. Mainstream adoption of robotics, however, is closely tied to the success of the Internet of Things (IoT), where security risks remain high. As the building blocks of connected devices, one software attack could result in a domino effect, derailing innovation before it ever leaves infancy.

The tension between robotics and IoT

The IoT has been around for a decade give or take; already an integral part of modern technology ecosystems. Still, its full potential has not yet been realised, with growth stunted by regular security flaws. Ironically, as the market grows, the weak spots multiply and potential access points shoot through the roof. As a result, confidence in IoT drops year-on-year. Ninety per cent of consumers now lack confidence in connected devices, according to a recent survey by Gemalto. These concerns are more than valid, as nearly half of companies are unable to detect when a breach occurs, and only 15 per cent of budgets are earmarked for IoT security.

The catch 22 here is that advancements in robotics depend on a sustained and secure IoT. Robots are just one part of intelligent ecosystems: they depend on the IoT to link various sensors and smart metres; pass data to and from third parties; and allow robots to better ‘understand’ the world. The self-driving car, for example, is a robot orchestrated by various smaller devices and smart sensors. In fact, robots are being created to help tackle most problems people and society now face. The team at SkyGrow, for example, developed Growbot, an unmanned vehicle that plants trees 10 times faster than a human can, all at half the cost.

Powerful robots; more damaging attacks

As robots become more sophisticated, we will begin to see highly targeted and even more sinister attacks. Telesurgery uses robotics to help surgeons perform procedures remotely - a malware bug in this scenario could mean the downing of tools, threatening the patient's life. Researchers at Brown University recently proved how easy it is to hack robots. The industry will simply not be sustainable without the backing of a secure, connected IoT network.

Robotics manufacturers have a responsibility to promote a broader ‘security-by-design’ mindset. Selecting a robust operating system from the outset is the first step. This ensures that, as well as being secure now, it is also ready for future market demands. Hackers are constantly evolving, becoming more advanced than ever before. Businesses must be flexible in their approach, shedding the old hardware-centric view of IoT security. Software can no longer end when a device is shipped. It must align to the lifespan of a robot and be able to update whenever there is a potential flaw. Mobile and smartphone suppliers took many years to get to grips with this - robotics and IoT developers should learn from their mistakes.

One way developers can safely build and secure software is through snaps - containerised software packages. Snapcraft is an open platform for building and publishing applications to an audience of millions of Linux users. If a security vulnerability is discovered in the libraries used by an application, the app publisher is notified so the snap can be rebuilt quickly, and an update automatically pushed out. This allows for developers to stay focused on innovation, while ensuring the longevity of robotics hardware.

Where does the buck stop?

It remains unclear where the onus lies for IoT security, with accountability seemingly still an afterthought. Market constraints often prevent device makers from putting more budget than absolutely necessary into design security, especially when there is so much pressure to innovate ahead of competitors. But it is no secret that we need to do better when it comes to regulation. The UK IoT Code of Practice introduced last year was a good start; however, it’s still not compulsory for companies to adhere to it. Similarly, the EU Cybersecurity Act leaves compliance largely voluntary. It may be that binding government legislation, where there are serious financial consequences for negligence, is the only remedy. This would make it impossible for companies to turn a blind eye to security.

For the industry to stay on track, IoT security needs to be front of mind. If not, the reputation of robotics could suffer a blow from which it might never recover. Too often, innovation becomes a focus, prioritised ahead of the more mundane aspects of security. But as confidence drops, so does investment in new solutions. The time has come for the industry to start putting the survival of robotics ahead of prized innovation.

Eric Jensen, Head of IoT Product Management, Canonical
Image source: Shutterstock/everything possible