Factories and the like are increasingly digitized, which raises the threat of hackers taking over extremely valuable facilities. Researchers from the Georgia Institute of Technology have developed a robot to try and ward off the hackers.
The device, which the team have called HoneyBot, is designed to lure in hackers and trick them into giving up valuable information to the IT staff at the facility. The team believe that the device is crucial as more and more machines are connected in factories.
“Robots do more now than they ever have, and some companies are moving forward with, not just the assembly line robots, but free-standing robots that can actually drive around factory floors,” they say. “In that type of setting, you can imagine how dangerous this could be if a hacker gains access to those machines. At a minimum, they could cause harm to whatever products are being produced. If it’s a large enough robot, it could destroy parts or the assembly line. In a worst-case scenario, it could injure or cause death to the humans in the vicinity.”
Bees to a honeypot
The idea of ‘honeypots’ to throw cyberattackers off the scent is not new, and was the genesis of the idea behind the HoneyBot. It’s designed to allow hackers to gain access to the device, and then to encourage them to leave valuable information behind that will help security staff tighten up the network.
“A lot of cyberattacks go unanswered or unpunished because there’s this level of anonymity afforded to malicious actors on the internet, and it’s hard for companies to say who is responsible,” the researchers say. “Honeypots give security professionals the ability to study the attackers, determine what methods they are using, and figure out where they are or potentially even who they are.”
The device is monitored and controlled via the Internet, with HoneyBot capable of tricking the hackers into thinking that they’re performing one task, when in fact they’re doing something different entirely.
“The idea behind a honeypot is that you don’t want the attackers to know they’re in a honeypot,” the researchers say. “If the attacker is smart and is looking out for the potential of a honeypot, maybe they’d look at different sensors on the robot, like an accelerometer or speedometer, to verify the robot is doing what it had been instructed. That’s where we would be spoofing that information as well. The hacker would see from looking at the sensors that acceleration occurred from point A to point B.”
When HoneyBot was put through its paces, it performed well. Volunteers used a virtual interface to control the robot, but couldn’t see what was happening to it in real life. They were enticed to break the rules by being shown various forbidden shortcuts that would allow them to complete their task faster. Suffice to say, no such shortcut existed in reality. At the same time, the ‘hackers’ were shown simulated sensor data to tell them that they’d successfully accessed the shortcut.
When quizzed afterwards, the volunteer hackers truly believed that their ‘breakthrough’ was authentic and believable, which suggests the researchers are on the right track.
It’s an interesting project, and you can see HoneyBot in action via the video below.