A recent study by the University of Waterloo has revealed significant privacy vulnerabilities in collaborative robots, highlighting the need for enhanced protective measures.
Widespread Adoption of Robotics and Emerging Privacy Risks
In recent years, robotics have become widely used in both public and private sectors. Hospitals utilize robots as surgical assistants because of their precision and skill, while many manufacturing companies increasingly rely on robots for dangerous and hazardous jobs. Robots not only produce high-quality products quickly and consistently but also help enhance workplace safety.
However, despite their growing use, collaborative robots remain vulnerable to malicious attacks.If a hacker detects command patterns during operations, they can deduce sensitive patient information, such as medical conditions or medication routines—even if encryption protects the commands.
“Imagine a robot communicating with its controller. While you can’t understand the actual conversation, you can tell when the robot is speaking and when it isn’t,” explains Cheng Tang, the lead author and a third-year engineering undergraduate. By examining the frequency of communication, the duration of the exchanges, and the pauses in between, an attacker can deduce the types of commands being transmitted.
Remote Robot Control and Collaborative Efforts to Address Security Vulnerabilities
Dr. Yue Hu, a professor in the Department of Mechanical and Mechatronics Engineering, adds, “There is growing interest in the robotics field to control robots remotely by sending commands over networks. These robots could be located anywhere—from hospitals to factories, or even different countries. However, many don’t realize that connecting robots to networks exposes them to security vulnerabilities.”
These privacy issues led Hu to contact her former co-op student, Cheng, along with Drs. Diogo Barradas and Urs Hengartner, computer science researchers and members of the University of Waterloo’s Cybersecurity and Privacy Institute (CPI), to collaboratively find solutions. CPI brings together all six faculties of Waterloo and industry partners to protect critical Canadian infrastructure.
While past research has concentrated on privacy risks in teleoperated robotics—where humans control robots in real-time using devices like joysticks or virtual reality—this study focused on script-based robots that execute pre-programmed commands. This distinctive approach enables robots to perform tasks with minimal human involvement.
Analyzing Network Traffic to Identify Robot Actions Using Signal Processing
The team explored methods to identify a robot’s actions by examining its network traffic. They developed a classification approach inspired by signal processing techniques—similar to those used in noise-canceling headphones—that analyze and transform signals to extract information or enhance quality.
In their experiment, the researchers instructed a Kinova Gen3 robotic arm to perform four different tasks and collected 200 network traces, which are crucial for understanding the system’s data flow between the robot and its controller.
They found that robot commands generate specific traffic sub-patterns, and common signal processing methods—particularly signal correlation and convolution—can detect these patterns. Impressively, their technique was able to correctly identify the Kinova robot’s actions 97% of the time, even though the data was encrypted.
Addressing Privacy Risks Through Improved System Design and Security Measures
These findings indicate that robots have the potential to unintentionally expose sensitive information, ranging from industry secrets to patient privacy, highlighting the urgent need for stronger security measures in the robotics field.
Nevertheless, specific design adjustments could help prevent such data leaks and stabilize the network. The researchers suggest strategies like modifying the system’s interface—such as adjusting the timing of its application programming interface (API)—or implementing intelligent traffic shaping algorithms during operation.
Their work was recognized with the Best Research Paper Award at the 20th International Conference on Availability, Reliability and Security (ARES).
“The researchers published their study, On the Feasibility of Fingerprinting Collaborative Robot Network Traffic, in the ARES 2025 conference proceedings, and it also appears in the Lecture Notes in Computer Science book series.”
Read the original article on: Tech Xplore
Read more: Interacting With Robots Can Reduce Feelings of Loneliness Among Caregivers
