Novel approach to IoT security
IoT security is not a topic taken lightly in the world of technology today, threatening global trade, privacy and the basic infrastructure of modern society. So you could be forgiven for being taken aback at the fact that the newest defender of vulnerable systems against bad actors looks a little like Johnny 5 character from the classic movie “Short Circuit”.
Researchers at Georgia Tech’s School of Electrical and Computer Engineering have rolled out the HoneyBot robot, which, in essence, is a canary in the digital coal mine that offers an early warning of efforts to compromise an organisation’s systems.
HoneyBot is designed to look like a perfectly ordinary remote-controlled robot to anyone attempting to access it remotely, providing sensor data and movement information to that remote user. Where it differs however, is if a user tries to get it to do something the owner does not want it to do — HoneyBot can provide simulated responses to those commands without enacting them in the real world. So, if a malicious actor tried to get the device to run itself into a production line, for example, it could provide output indicating that it had done just that, while in reality simply sitting still and warning nearby personnel that it had been compromised.
What is more, the researchers have done preliminary testing that indicates the concept works. An experiment conducted in December 2017 found that users trying to virtually pilot the HoneyBot through a maze could not distinguish between real and simulated sensor data — those who attempted to take “forbidden” shortcuts through the maze thought that they were progressing normally, even though the robot was sitting still.
Raheem Beyah, the professor who spearheaded the HoneyBot’s creation, told the university’s information service that it can be tough to fool an astute hacker.
“If the attacker is smart and is looking out for the potential of a honeypot, maybe they’d look at different sensors on the robot, like an accelerometer or speedometer, to verify the robot is doing what it had been instructed,” he said. “That’s where we would be spoofing that information as well. The hacker would see from looking at the sensors that acceleration occurred from point A to point B.”
IDG News Service