Security News

A Robot the Size of the World
2023-12-15 12:01

The classical definition of a robot is something that senses, thinks, and acts-that's today's Internet. We've been building a world-sized robot without even realizing it.

ROBOT crypto attack on RSA is back as Marvin arrives
2023-09-26 17:00

In a paper titled, "Everlasting ROBOT: the Marvin Attack," Hubert Kario, senior quality engineer on the QE BaseOS Security team at Red Hat, shows that many software implementations of the PKCS#1 v1.5 padding scheme for RSA key exchange that were previously deemed immune to Daniel Bleichenbacher's widely known attack are vulnerable. "For TLS hosts that use forward secure ciphersuites, the attacker would have to perform a massively parallel attack to forge a server signature before a client would time out during the connection attempt. That makes the attack hard, but not impossible."

On Robots Killing People
2023-09-11 11:04

The robot revolution began long ago, and so did the killing. The one-ton robot continued to work silently, smashing into Williams's head and instantly killing him.

Robot can rip the data out of RAM chips with chilling technology
2023-06-09 00:01

Cold boot attacks, in which memory chips can be chilled and data including encryption keys plundered, were demonstrated way back in 2008 - but they just got automated. The presentation focuses on a Cryo-Mechanical RAM Content Extraction Robot that Cui and colleagues Grant Skipper and Yuanzhe Wu developed to collect decrypted data from DDR3 memory modules.

San Francisco lawmakers approve lethal robots, but they can't carry guns
2022-11-30 21:30

San Francisco police can deploy so-called "Killer robots" following a Board of Supervisors' vote on Tuesday, clearing the cops to use robots equipped with explosives in extreme situations. The robots primarily will be used to neutralize and dispose of bombs, and provide video reconnaissance, according to San Francisco Supervisor Rafael Mandelman.

Elon Musk wrote article for China's internet regulator, hinted at aged care robots
2022-08-14 23:45

Elon Musk has written an article for the Cyberspace Administration of China's flagship magazine. "Chinese companies will be a force to be reckoned with in the cause of energy innovation," Musk opined in the article.

A great day for non-robots: iOS 16 will bypass CAPTCHAs
2022-06-21 11:45

Apple has introduced a game-changer into its upcoming iOS 16 for those who hate CAPTCHAs, in the form of a feature called Automatic Verification. The feature does exactly what its name alludes to: automatically verifies devices and Apple ID accounts without any action from the user.

JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots
2022-04-15 04:52

As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. Aethon TUG smart autonomous mobile robots are used in hospitals around the world to deliver medication, transport clinical supplies, and independently navigate around to perform different tasks such as cleaning floors and collecting meal trays.

Hospital robot system gets five critical security holes patched
2022-04-12 18:58

Researchers at healthcare cybersecurity company Cynerio just published a report about five cybersecurity holes they found in a hospital robot system called TUG. TUGs are pretty much robot cabinets or platforms on wheels, apparently capable of carrying up to 600kg and rolling along at just under 3km/hr. During what we're assuming was a combined penetration test/security assessment job, the Cynerio researchers were able to sniff out traffic to and from the robots in use, track the network exchanges back to a web portal running on the hospital network, and from there to uncover five non-trivial security flaws in the backend web servers used to control the hospital's robot underlords.

Critical bug allows attacker to remotely control medical robot
2022-04-12 11:00

Mobile robot maker Aethon has fixed a series of vulnerabilities in its Tug hospital robots that, if exploited, could allow a cybercriminal to remotely control thousands of medical machines. Cynerio did find "Several" hospitals in the US and globally that were using the internet-connected robots, and in each of these cases the researchers could exploit the vulns to remotely control the robots from the Cynerio Live research lab.