- China is rapidly scaling its humanoid robotics sector, with projections suggesting up to 300 million units could eventually be deployed to offset population decline
- A Recorded Future report warns that compromised robots could be used for industrial espionage — or even physical attacks
- Telcos have a responsibility and opportunity to secure these IoT assets
Rogue humanoid robots are the stuff of science fiction. But research from threat intelligence company Recorded Future makes a compelling case that they're coming soon, and we'd better start work securing them now.
The argument is simple and direct: Major technology and automotive companies worldwide are investing in developing humanoid robots, including the Tesla Optimus Gen 2, Boston Dynamics Atlas and G-1, from the Chinese company Unitree. China is currently the leader and could eventually field about 300 million humanoid robots to offset its population decline. The U.S. might deploy 77 million robots.
"Having dominated the production of electric vehicles, China and its leadership are now aiming to dominate the humanoid robotics sector as well," according to the Recorded Future report, "The Future of Humanoid Robotics". Unitree's R-1 can be purchased now for about $5,500. "By 2060, studies project that up to three billion of these machines could coexist with humans, most of them serving in household and personal-assistant capacities," the report notes.
Notably, these robots would be connected Internet of Things devices, powered by artificial intelligence. That means that like all IoT devices, robots could be compromised by an attacker.
This threat is already real: "For example, researchers recently discovered a critical flaw in Unitree Roboticsʼ Bluetooth protocol that could let attackers wirelessly hijack its humanoid robots — machines already in use across labs, universities and law enforcement agencies. In another instance, researchers found leaked, hard-coded encryption keys that allow one compromised robot to infect others nearby, forming botnets with root-level control. One model also transmitted data to servers in China without user consent," the report noted.
The report focuses on the threats of industrial espionage and stolen designs. But the threats could be even more dire, Joe Rooke, director of risk insights at Recorded Future's Insikt Group, told Fierce in an interview.
Robots can be compromised through the supply chain or by Bluetooth. These include military robots armed with weapons. "These things can be turned on their human operators," Rooke said. He compared the scenario to the 2004 Will Smith movie "I, Robot," where benign humanoid robots start killing their human charges.
A dramatic viral video from May claims to show a "robot going berserk during testing," flailing its arms around while its human handlers fearfully scramble for safety. Rooke explained that the robot wasn't on a rampage; likely it was simply acting on an error that led the machine to believe it was falling. But the video makes the point that robots are potentially dangerous, he said.
Why does this matter for telcos? Well, operators have both responsibility and opportunity in providing network security for robots and other IoT devices. "Telcos have an important role to play in this," Rooke said. Telcos should monitor updates going over networks, ensure only verified robots connect and monitor for abnormal behavior.
"Telcos have a huge amount of telemetry they can analyze," Rooke said. "Telcos have a responsibility to monitor for abnormal behavior."