
Privacy Risks of Household Robots: 5 Security Risks and 10 Steps to Protect Yourself

October 16, 2015 by Daniel Dimov

Section 1. Introduction

As a result of the rapidly developing robotics industry, more and more families worldwide are integrating robots into their households. Robotic devices simplify bothersome chores, such as vacuuming (e.g., iRobot's Roomba), cleaning gutters (e.g., iRobot's Looj), mowing a lawn (e.g., Friendly Robotics' Robomow), or ironing (e.g., Siemens' Dressman). Apart from household chores, home robots nowadays also help with waking up (e.g., Nanda Clocky), interacting with family members (e.g., iRobot's ConnectR), or protecting property (e.g., MobileRobots Inc. Agent 007). The recent success of a crowdfunding project that will launch the social robot Jibo implies that, in the near future, affordable home robots will become widespread household assistants.

However, despite the potential benefits associated with household robots, a lively discussion about the security and privacy risks related to the use of such machines is taking place. This article identifies a number of privacy risks associated with household robots (Section 2). Moreover, it provides suggestions on how consumers could protect themselves against potential threats (Section 3). Finally, a conclusion is drawn (Section 4).

Section 2. Privacy and Security Risks of Household Robots

Household robotics is a relatively young field. Thus, the privacy and security issues related to household robots have just recently become an object of public discussion. Household robots are associated with the following five types of privacy and security risks: (i) risks related to the interconnection of the household robots with other devices; (ii) risks related to the data collection and disclosure abilities of household robots; (iii) risks related to the physical interactions of household robots; (iv) risks related to the infection of household robots with malware; (v) risks of psychological attacks conducted by household robots. These five types of risks are examined in more detail below.

2.1 Interconnection of household robots with other devices

A large number of household robots can perform their functions only if they are connected to a home network. Thus, an unauthorized person who breaks into the home network may be able to hack the household robot. Such hacking attacks may be conducted relatively easily if the users of the robots have not changed the default, easy-to-exploit passwords (e.g., admin or 0000) of their robots to more complex passwords. The information collected by a household robot (e.g., video and audio streams) can be used for conducting identity theft and other unlawful activities.

2.2 Data collection and disclosure

Household robots are equipped with a set of tools for collecting information, including 3D sensors, cameras, and microphones. These tools allow the robot to collect and save large amounts of sensitive personal data from the home in which it operates. Such data includes, but is not limited to, details of the owners' lifestyle, geographical coordinates, personal belongings, floor plans, online credentials, and health status.

If a hacker obtains unauthorized access to personal information collected by a robot, he/she may use the information for a variety of unlawful purposes, such as selling the personal data to advertising companies, conducting identity theft, stealing money, and blackmailing the owner of the personal data.

Although the robotics industry takes measures against possible information security attacks, only some household robots provide comprehensive information security protection to their owners. For instance, the technological architecture of some household robots allows their owners to be notified, via audible or other types of alerts, that the data collected by the robots is being accessed by unauthorized entities.

2.3 Physical interaction

Although robot vandalism is a popular element of sci-fi movies, the use of robots at home may heighten information security risks. In addition to privacy issues, household robots may also cause dangerous physical interactions. For instance, a hacked household robot may physically harm the inhabitants of the house. Moreover, research conducted by the University of Washington on the security risks of household robots has indicated the possibility of multi-robot attacks. The research report claims that even though "a robot may operate safely and securely in isolation, it may facilitate attacks when used in conjunction with other robots."

2.4 Malware

Like other software-based devices, household robots are susceptible to infection with malicious software. For example, counterfeit robots with embedded malicious code may be distributed on the market. Such robots may become a tool for committing data theft and identity spoofing. It should be noted that low-cost household robots may not have any anti-malware system, which can make them highly vulnerable to malware infections.

2.5 Psychological attacks

The robotics market has developed a number of home robots that could help with supervising and taking care of people with special needs (e.g., children and the elderly). For example, the home robot Rovio is partially aimed at supporting healthcare and eldercare. However, since scientific investigations claim that humans can form emotional bonds with robots, such bonds may be exploited for potential psychological attacks. For example, remotely controlled home robots may be used to generate noise and sounds that may distress and confuse people. Other forms of psychological attacks may include using a hacked robot to arrange objects at home in a threatening way, as well as to chase family members and animals.

Section 3. Ten Steps to Protect Yourself

In order to decrease the privacy and security risks associated with household robots, the collaboration between manufacturers and consumers is crucial. The manufacturers can assure the safe use of household robots by taking measures, such as conducting a privacy or security risk assessment and monitoring products throughout their life cycle. There are also ten easy steps that can be taken by consumers in order to significantly increase their privacy and security throughout the use of household robots. These steps are discussed below (see points A-J).

A. Researching before buying

Before buying any sophisticated technological device, consumers need to conduct research on the main security features of the device. Moreover, the potential owner of a robot needs to investigate in what ways sensitive data of the household is collected, processed, and saved. The device should be purchased only after determining that the manufacturer of the robot has taken reasonable security measures to protect the potential owner. In this context, Matuszek, a researcher at the University of Washington, stated: "People know to look for small parts in children's toys, or look for lead paint. For products that combine more advanced technology and wireless capabilities, people should look at whether it protects privacy and security."

B. Setting a unique account name and password

After purchasing a household robot, the owner needs to change the default passwords of the device to sophisticated passwords. Changing the robot's default passwords decreases the chance of a hacking attack. Hacking a robot with a weak password protection may lead to infection with malware, unauthorized data collection, and physical attacks against the owner.

C. Updating software

Even though updating the software of a robot can be a time-consuming matter, this step is of utmost importance for keeping the device and its owner safe. Updating the software of the robot and keeping it up to date helps with fixing any software bugs that may be present in the system. Moreover, it can give the owner access to advanced features of the device. Normally, updating the software of a household robot does not require complex technical operations.

D. Disabling Internet access

If the architecture of a household robot allows disabling its wireless connection to the Internet, this option should be used in order to avoid potential hacking attacks. If a household robot requires an Internet connection to perform its operations, the owner can encrypt the home wireless network to achieve the highest possible data security.

E. Familiarizing with data processing and terms of use

Before using a household robot, consumers ought to become familiar with the terms of use and consent to use the device. Such terms clearly identify what data is gathered by a robot from its owners as well as for what purposes it is processed. Moreover, the legal terms of use provided by manufacturers may also indicate unexpected uses of the collected data, such as sharing it with data brokers and marketing firms. The companies providing household robots should ensure that the notifications they provide to consumers are simplified and easy to understand.

F. Configuring settings of a robot

In order to avoid possible vulnerabilities, consumers can disable features that are not necessary for the operations they request. For instance, the owner can disable the video recording function if it is not necessary for the performance of the desired operations. Moreover, in order to avoid configuring the robot's settings in an insecure fashion, it is important to become familiar with the robot's system and to train everyone at home to use the machine safely.

G. Familiarizing with the robot's sensors

The set of sensors possessed by a robot may include microphones, cameras, blood pressure indicators, etc. The data collected from the home environment is usually sensitive in nature. Thus, the owners should become familiar with the robot's sensors and their operating patterns in order to avoid any leaks of confidential information. It is also desirable to disable the sensors that are not required for the desired operation.

H. Assessing physical harm

Household robots may cause physical harm to their owners. In case of a defect in a robot's system or a hijack, the device may neglect to perform an essential task, cause direct physical harm, or put personal belongings in danger (e.g., a fire or an injury). Thus, it is important to ensure that the device will not cause physical harm to the owners or other people.

I. Avoiding psychological bonds

As discussed above, people tend to form psychological bonds with robots at home. This is especially true for people with special needs (e.g., lonely elderly people or children).

With the rapid development of artificial intelligence technologies, we can soon expect the appearance of highly intelligent sex robots which can provide their users with a realistic sexual experience. David Levy, author of a book entitled "Love and Sex with Robots," believes that, by 2050, intimate relationships between robots and humans will be popular. There are already sex robots whose bodies are warm and which react to touch.

Sex robots not only reinforce traditional stereotypes of women, but also may significantly threaten the privacy of their users. The public release of the information collected through hacked sex robots may have a devastating effect on the reputation of their users. Therefore, users of such devices need to take strong information security precautions.

J. Exploring combination with other devices

Robotics researchers emphasize the danger of combining two independent robots. Such a technological union of two robotic machines may facilitate an attack. Thus, before adding a new robot to the existing network of devices at home, it is important to investigate the potential outcomes of such a combination. Moreover, everyone at home should be trained to address any possible defects of the robots.

Section 4. Conclusion

The home environment is an intimate space where an immense amount of confidential information can be gathered and saved. Thus, before purchasing a sophisticated robotic machine and integrating it into the household, it is of utmost importance to assess the privacy features that would ensure its safe and enjoyable use. The security awareness of the users of household robots can help them choose the safest possible household robot and enjoy its operations.

Rasa Juzenaite works as a project manager in an IT legal consultancy firm in Belgium. She has a Master's degree in cultural studies with a focus on digital humanities, social media, and digitization. She is interested in the cultural aspects of the current digital environment.


Dr. Daniel Dimov is the founder of Dimov Internet Law Consulting (www.dimov.pro), a legal consultancy based in Belgium. Daniel is a fellow of the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Society (ISOC). He did traineeships with the European Commission (Brussels), European Digital Rights (Brussels), and the Institute for EU and International law “T.M.C. Asser Institute” (The Hague). Daniel received a Ph.D. in law from the Center for Law in the Information Society at Leiden University, the Netherlands. He has a Master's Degree in European law (The Netherlands), a Master's Degree in Bulgarian Law (Bulgaria), and a certificate in Public International Law from The Hague Academy of International law.