Next Gen Social Engineering: Hacking Humans with Social Roboticist, Straithe
Security Voices - A podcast by Security Voices
Categories:
In the midst of the COVID-19 pandemic, it’s easy for thoughts to stray to the apocalypse. Nowhere is this tendency more common than when we talk about robots. Decades of books, movies and television have explored the topic of “when robots attack” and the calamity that follows. Today, domestic robots struggle to make it up the stairs and Siri can’t reliably order take-out… or even take notes. It all feels very far-fetched. And it is.
However, if we move past the science fiction and look more closely at developments between humans and robots, we can begin to see some startling developments. This is the domain of Straithe, a pioneering researcher who studies how interactions between humans and robots can be abused and manipulated. We know very well how email, phone calls and websites can be used as part of elaborate social engineering schemes, what happens when the attacker’s tool looks like a person and can physically interact with us?
While domestic robots like the Jetson’s Rosie are not wheeling around our houses today, we are being implicitly trained to interact with digital assistants such as Amazon’s Alexa, Apple’s Siri and many others. While the privacy implications of having such assistants always listening is much discussed, we’re only beginning to understand how matters change when they take physical form such as Knightscope’s K5 or Softbank’s Pepper the Robot.
Straithe explains how these robots not only create serious privacy concerns through passive collection and instant transmission of everything from license plates to MAC addresses, but also how people are likely to react for them if they are used for ill intent. She explains early research that indicates robots are effective at getting people to do things on their behalf. When you combine these factors with a spotty record of robot security vulnerabilities, the potential for genuine harm through robots goes from far-fetched to near future.
Our ~60 minute conversation with Straithe is hopefully a break from whatever you’re dealing with during the current crisis. We hope you find this glimpse into a fascinating corner of cyber security research a diversion from whatever you’re dealing with presently and useful framing for what lies ahead.