A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons
Tamara Denning, Cynthia Matuszek, Karl Koscher, Joshua R. Smith and Tadayoshi Kohno.
A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons
Denning, T., Matuszek, C., Koscher, K., Smith, J. and Kohno, T. 2009. Ubicomp'09.
Introducing...
From left to right:
WowWee RoboSapien V2
WowWee Rovio
Erector Spykee
Capabilities
Prices correct as of late 2008.
Visibility
Rovio:
Visible to local attacker by SSID, MAC address
Visible to remote attacker by unique HTTP interface, port 80 query
Spykee:
Visible to local attacker by SSID, MAC address
Visible to remote attacker by keep-alive packets, port 9001 control request
RoboSapien:
Not visible
Vulnerabilities
Rovio
Passive adversary can intercept unencoded username and password
Audiovisual stream does not require password even when enabled
WEP support only, though WPA added in patch.
Spykee
Co-located mode sends credentials in the clear
Video stream unencrypted
Remote access more difficult; Diffie-Hellman key exchange vulnerable to MITM
WEP and WPA
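
Diffie-Hellman on its own does not authenticate the public values the two sides exchange, which is the general reason such a key exchange is exposed to MITM. The block below is an added example, not from the slides or the paper and not Spykee's actual protocol: it assumes a toy group, a constructed pre-shared pairing secret and hypothetical function names, and shows that a substituted public value goes unnoticed without authentication but is rejected once each value carries a MAC.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption, illustration only): 2^127 - 1 is prime
# but far too small for real use; a deployment would use a standard group.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(psk, pub):
    # MAC binding a public value to a secret both endpoints already share.
    return hmac.new(psk, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def exchange(authenticated, intercepted, psk=b"constructed-pairing-secret"):
    """Run one robot/controller exchange.

    Returns (robot_key, controller_key); raises ValueError if an
    authenticated exchange receives a public value with a bad tag.
    """
    r_priv, r_pub = keypair()
    c_priv, c_pub = keypair()
    r_msg = (r_pub, tag(psk, r_pub))   # robot -> controller
    c_msg = (c_pub, tag(psk, c_pub))   # controller -> robot
    if intercepted:
        # An in-path party swaps in its own public value. It does not
        # know psk, so the tags it forwards no longer match.
        _, m_pub = keypair()
        r_msg = (m_pub, r_msg[1])
        c_msg = (m_pub, c_msg[1])
    if authenticated:
        for pub, t in (r_msg, c_msg):
            if not hmac.compare_digest(t, tag(psk, pub)):
                raise ValueError("public value failed authentication")
    # Each side derives its key from whatever public value it received.
    return session_key(r_priv, c_msg[0]), session_key(c_priv, r_msg[0])
```

In the unauthenticated, intercepted case both endpoints finish without error yet hold different keys, each of which the in-path party can also compute; that silent success is what the MAC check removes.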
Vulnerabilities
RoboSapien
Vulnerable to off-the-shelf controller and IR repeater
Compromised computer with IR port
Universal remote control with 802.11 wireless
Other compromised robots with IR transmitters
Other remote attacks possible, e.g. buffer overflow...
Attacks
•Privacy
•Security
•Vandalism
•Psychological
Design Questions
•What is the intended function of the robot?
•How mobile is the robot?
•What sensors does the robot possess?
•What actuators does the robot possess?
•What communication protocols does the robot support?
•Who are the intended users of the robot?
•What is the robot’s intended operational environment?
•Besides the intended users of the robot, what other people (and animals) will be in the robot’s environment?
•What kind of development processes are in place?
Design Questions
•Does the robot create new or amplify existing privacy vulnerabilities?
•Does the robot create new or amplify existing physical integrity vulnerabilities?
•Does the robot create new or amplify existing physical safety vulnerabilities?
•Does the robot create new or amplify existing psychological vulnerabilities?
•Can the robot be combined with other robots or technologies to facilitate an attack?
What else?
What steps need we take to prevent these issues in future?