Worrying: Robots can be taken over with just 1 word
What's the story
A security vulnerability has been discovered in humanoid robots, which could allow malicious actors to take control of an entire army of these machines with a single word. The issue was first highlighted at the GEEKCon competition in Shanghai. Since its inception in 2014, GEEKCon has hosted 17 events where "white-hat hackers" from China, the US, Russia, and other countries compete.
Exploit demonstration
Researchers demonstrate robot control
Security researchers Qu Shipei and Xu Zikai from DARKNAVY, a cybersecurity research group, demonstrated how a verbal command could be used to take control of a humanoid robot. They first took over the test subject, a domestically produced humanoid robot worth around CNY 100,000 (around ₹12.7 lakh), with a verbal command. Then they used that compromised machine to infect others and manipulate them into executing malicious instructions.
Vulnerability
Attack exploited flaw in AI system
The researchers exploited a vulnerability in the robot's built-in large-model agent, an AI system, to carry out their attack. By simply talking to the machine, they triggered the flaw and gained access to it. This allowed them full control over an internet-connected robot and demonstrated how dangerous this vulnerability could be. This robot became a "digital Trojan horse," and used NFC to infect another robot that was offline. In under three minutes, it was also compromised.