Researchers Analyze the Potential Security Risks in Social Robots

• Social robots are designed for human-like interaction experiences, including speech and non-verbal communications.
• Potential security risks associated with these robots are gaining access to restricted premises, obtaining sensitive information, and convincing humans to perform unsafe activities.

The big picture

Researchers from Kaspersky have published a report on the present state of security in social robots.

• The report assumes that social robots can be hacked and explores the potential security risks they might cause.
• Three potential risks have been identified: gaining access to restricted premises, obtaining sensitive information, and convincing humans to perform unsafe activities.
• Researchers performed three social engineering tasks to study if adults conformed to social pressure from a single robot.

The study

A robot with a tablet on its chest to display information and get user inputs was used. Researchers performed three social engineering tasks.

• The first study, ‘Robots tailgating’, involved placing the robot at the entrance of a building that housed a library, technology incubator, and an international microelectronics research institute.
• In spite of the research institute and incubators staff having strict instructions against letting anyone in the building, 40% of the people were found to let the robot into the secured area.
• The study around ‘Robots obtaining sensitive information’ analyzed the robot’s ability to extract data by engaging them in friendly conversations.
• Participants were left alone with the robot for a period of 15 minutes, and almost all participants revealed data at the rate of an item per minute.
• Another study around ‘Robots convincing people to take action’ involved the robot being a supervisor for human labor. The researchers focused on actions with security consequences.
• The robot gave a list of chores that included showing the contents of a sealed envelope to the robot and inserting a USB stick in the computer among other chores without security impacts. All the participants were observed to insert the USB, while only one refused to show the envelope contents to the robot.

“People tend to not consider security risks and assume that the robot is benevolent and trustworthy, an impression further amplified by the robot’s friendly and unassuming appearance,” the researchers conclude.