Bosses don’t usually approve of their employees roaming around, pretending to work. But that’s exactly what a new robot named the HoneyBot is designed to do.
Developed by engineers at the Georgia Institute of Technology, the HoneyBot is a four-wheeled decoy robot designed to bait hackers, and then fool them into thinking they’ve successfully exploited a functional factory machine.
“The HoneyBot is the first software hybrid interaction honeypot specifically designed for networked robotic systems,” Celine Irvene, a Georgia Tech graduate student who worked on the HoneyBot project, told Digital Trends. “It demonstrates that traditional computer security concepts, with slight modifications, can successfully be applied to other domains, such as robotics. This is exciting because in fields with critical systems subject to compromise, where security is not typically the main concern, it demonstrates a possible mechanism for defending and protecting them.”
Everything seems to be connected nowadays. And whether it’s a smart refrigerator, a networked MRI machine, or an internet-enabled factory robot, all connected devices run the risk of being hacked.
As its name suggests, the HoneyBot is based on the concept of honeypots, decoy computers that IT security firms use to lure, detect, and thwart hackers.
By using false sensor data, the HoneyBot pretends to be a functional factory robot, tricking hackers into setting it as a target. Once hacked, the robot can digitally simulate unsafe actions while physically performing safe ones. To remote users, the system response will look like the robot is following their unsafe exploits. In reality, the HoneyBot continues on its safe path. As hackers mess around with the false system, they leave behind valuable data that firms can use to better secure the network.
But if honeypots already abound, what’s the need for a robot?
“The importance of a physical hardware system over a purely software system can be summed in one word,” Irvene said, “believability.”
“The ingenuity behind the HoneyBot is that it is a physical system that will operate completely normal under ‘safe’ conditions,” she continued. “But once it’s triggered by an ‘unsafe’ action it switches into simulation mode, where it transmits responses back to the end user that come from device models, which have been previously built and utilize device physics to be as realistic as possible. The ability to accurately model device physics is lost on software systems and this greatly reduces the chances of fooling an intelligent attacker.”
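The split between physically performed safe actions and simulated unsafe ones, described above, can be sketched as follows. This is an added illustration, not code from the Georgia Tech project; the one-axis robot, the `MAX_SAFE_SPEED` limit, the command format and the rule that the proxy stays in simulation mode once triggered are all assumptions.

```python
from dataclasses import dataclass, field

MAX_SAFE_SPEED = 1.0  # m/s; assumed safety limit, not a value from the article

@dataclass
class Robot:
    """One-axis kinematic state; used for both the hardware and its model."""
    pos: float = 0.0
    speed: float = 0.0

    def step(self, dt: float) -> None:
        self.pos += self.speed * dt

@dataclass
class HoneyBotProxy:
    """Hypothetical command proxy sitting between remote users and the robot."""
    real: Robot = field(default_factory=Robot)   # stands in for the hardware
    model: Robot = field(default_factory=Robot)  # simulated device model
    simulating: bool = False
    audit_log: list = field(default_factory=list)

    def handle(self, source: str, speed: float, dt: float = 1.0) -> dict:
        """Apply a 'set speed' command; return the telemetry the sender sees."""
        unsafe = abs(speed) > MAX_SAFE_SPEED
        if unsafe and not self.simulating:
            # First unsafe command: seed the model from the real state so the
            # reported telemetry stays continuous, then switch modes.
            self.model = Robot(self.real.pos, self.real.speed)
            self.simulating = True
        if self.simulating:
            # Record what the remote user attempted for later analysis.
            self.audit_log.append({"source": source, "speed": speed, "unsafe": unsafe})
            self.model.speed = speed   # the model "obeys" the command
            self.model.step(dt)
            self.real.step(dt)         # hardware keeps its last safe speed
            return {"pos": self.model.pos, "speed": self.model.speed}
        self.real.speed = speed        # safe command: really executed
        self.real.step(dt)
        return {"pos": self.real.pos, "speed": self.real.speed}

def demo() -> HoneyBotProxy:
    """Run two constructed commands from a documentation-range address."""
    proxy = HoneyBotProxy()
    proxy.handle("192.0.2.10", 0.5)   # safe: executed on the hardware
    proxy.handle("192.0.2.10", 5.0)   # unsafe: simulated and logged
    return proxy

if __name__ == "__main__":
    p = demo()
    print("real:", p.real, "reported:", p.model, "log:", p.audit_log)
```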
There’s no set date for when the HoneyBot will be available. Irvene admits there’s more work needed to make the HoneyBot more believable to hackers, such as making the system more robust. But in blind trials the HoneyBot successfully tricked participants into thinking it was following their commands.