Automated mobile robots are a cybersecurity risk

For several years I’ve been evangelizing about the growing ways automation and robotics are beneficial to all. From medical facilities to factories, warehouses, industrial rigs and transit, Automated Mobile Robots (AMRs) are driving massive efficiency gains while also elevating the people and organizations who use them.

AMRs reduce costs, improve safety, and address labor shortages, while delivering a rapid return on investment.

A robot can be hacked

As automation progresses, it’s vital to recognize and respect the fact that robots are both physical and digital beings. We speak with and instruct robots through digital apps and programmed instructions on computers, smart devices, and the cloud. This means that as industries rush to adopt AMRs, they’re also inadvertently exposing themselves to cybersecurity risks.

Just as a database or bank account can be hacked, the digital aspects of AMRs are vulnerable to the same degradation, bugginess, or malicious misuse and damage as any software-dependent program.

Yes, there are plenty of funny videos of a misdirected robot suddenly throwing punches at anyone in sight. But imagine the real consequences of even a relatively small misdirection such as a robotic traffic jam in a warehouse, or the physical danger and loss that could result from a single robotic miscue such as smashing the produce, missing a critical step in a manufacturing process, or driving a piece of expensive equipment into a wall. The results can be catastrophic.

Chang Robotics CIO Joe Tenga has performed a comprehensive examination of these risks and he has written a whitepaper on industry-specific vulnerabilities of AMRs and strategies to mitigate them. For example, in the health industry, if a robot’s operation includes access to personal information, it could result in a HIPAA violation. In a purchasing center, AMRs could become a target for financial or personal information theft. In a manufacturing or product distribution role, AMRs could become a window for potential theft of Intellectual Property.

Here are two specific concerns about AMRs and cyberthreats.

AMRs run on cyber-physical systems.

Unlike traditional IT assets, AMRs integrate computation, networking, and physical processes, leaving companies that use them open to these possible threats:  

• Mobility introduces risk. AMRs can physically transport rogue hardware or bypass secure zones.
• Badge-based access abuse. AMRs with elevator/door credentials could be exploited to breach restricted areas.
• Tampering risk. Robots could be hijacked or outfitted with spy devices.

Robots are not just endpoints, they are mobile insiders. Their dual nature requires an approach to safety and security that combines both physical and cyber defense.

AMRs can be exploited through common network-based threats.

Without proper protection, AMRs could be weaponized as mobile reconnaissance and access platforms—both passively (sniffing) and actively (spoofing or unlocking doors). Possible threats that can potentially exploit weaknesses in security include:

• Rogue access points and snifferscan hijack data over Wi-Fi as robots move.
• Man-in-the-middle attacks and hardware implantscan inject malicious commands or covertly monitor data.
• IoT exploit modules and proxy access abusecan use robots as conduits to broader network intrusions or unauthorized facility access.

Here’s how companies can protect themselves

AMRs are transformative to modern business, but only if they are properly secured. Every organization using robotics must do the following:

• Implement security at every phase of use from procurement through deployment.
• View AMRs as both digital endpoints and physical agents.
• Develop scalable, industry-specific cybersecurity programs.

The ability to scale AMR deployments with confidence hinges on embedding cybersecurity from the ground up— not as an afterthought but as a competitive differentiator for your successful operation from its very inception and through all seasons to come.

Matthew Chang is the Founder and Principal Engineer of Chang Robotics.