One new, tiny robot is on a mission -- to keep fellow robots safe from hackers. Created by researchers at the Georgia Institute of Technology, the HoneyBot could fit inside of an average shoebox but it's meant to handle the safety of robots significantly larger than itself.
Engineers designed the HoneyBot to lure in hackers looking to cause issues for industrial facilities. As more industrial robots get connected online, there's a growing fear that these large-scale robotics systems could be hacked to either gain company information or harm humans.
Professor Raheem Beyah said these styles of attacks are more potent now than they've been in previous decades, largely due to the growing interconnectivity between robots and information systems.
“Robots do more now than they ever have, and some companies are moving forward with, not just the assembly line robots, but free-standing robots that can actually drive around factory floors,” said Beyah, the Motorola Foundation Professor and interim Steve W. Chaddick School Chair in Georgia Tech’s School of Electrical and Computer Engineering. “In that type of setting, you can imagine how dangerous this could be if a hacker gains access to those machines. At a minimum, they could cause harm to whatever products are being produced. If it’s a large enough robot, it could destroy parts or the assembly line. In a worst-case scenario, it could injure or cause death to the humans in the vicinity.”
Just like honeypots that can counteract cyber attacks, the HoneyBot robot is a decoy bot that gathers information about a hacker and forwards that information to affected companies.
"A lot of cyber attacks go unanswered or unpunished because there’s this level of anonymity afforded to malicious actors on the internet, and it’s hard for companies to say who is responsible,” said Celine Irvene, a Georgia Tech graduate student who worked with Beyah to devise the new robot. “Honeypots give security professionals the ability to study the attackers, determine what methods they are using, and figure out where they are or potentially even who they are.”
The HoneyBot can be controlled via the internet. However, the HoneyBot tricks hackers into thinking it's performing one particular action when it's actually gathering data and doing something entirely different. Beyah noted that the trick to HoneyBot's success is never letting anything seem suspicious to a hacker.
“The idea behind a honeypot is that you don’t want the attackers to know they’re in a honeypot,” Beyah said. “If the attacker is smart and is looking out for the potential of a honeypot, maybe they’d look at different sensors on the robot, like an accelerometer or speedometer, to verify the robot is doing what it had been instructed. That’s where we would be spoofing that information as well. The hacker would see from looking at the sensors that acceleration occurred from point A to point B.”
The researchers hope that the HoneyBot can sit in the shadows of a factory corner and jump into action once a hacker gets access to the system. The HoneyBot would serve as a physical signal that a hacker is in the facility's robotics. However, Honeybot would stop short of doing anything dangerous in a real-world setting.
In fact, the team tested out HoneyBot in December 2017. Volunteers used a visual interface in order to control HoneyBot but they couldn't actually see what the robot was doing. The team even encouraged the volunteers to "hack" the game the researchers created.
“We wanted to make sure they felt that this robot was doing this real thing,” Beyah said.
Ultimately, those who took the shortcut and "hacked the system" and those who operated the robot with less nefarious intentions reported that they couldn't tell they were ever being fed wrong data. Both groups said everything they were being fed was believable, the researchers noted.
“This is a good sign because it indicates that we’re on the right track,” Irvene said.