Just like a spy agency might set up a honeypot to seduce a person into divulging secrets, Georgia Tech researchers have designed the HoneyBot to trick network troublemakers into getting stuck before they can breach an industrial system. The HoneyBot — which is small enough to fit in a shoebox — will extract information from the foiled invader to pass on to cybersecurity experts.
The explosion in internet-connected devices offers hackers many more points of entry into systems, even those behind formerly adequate protection. Many of the devices on the internet of things came online years ago and were not designed with sufficient built-in protection from hacking attacks. The March 2018 attack on Atlanta municipal computers — in Georgia Tech’s hometown — is the most recent evidence of the damage malefactors can cause. In this case, no one was physically injured. But a hacker who gets control of an industrial robot, especially a mobile robot, has the potential to wreak havoc.
The idea of using a honeypot to lure hackers is not new; computer security experts have deployed these traps for years. By collecting information about incoming attacks, HoneyBot provides experts tools necessary to study attackers and to learn their methods and potentially who they are.
“The idea behind a honeypot is that you don’t want the attackers to know they’re in a honeypot,” Raheem Beyah, Motorola Foundation Professor in Georgia Tech’s School of Electrical and Computer Engineering, said. “If the attacker is smart and is looking out for the potential of a honeypot, maybe they’d look at different sensors on the robot, like an accelerometer or speedometer, to verify the robot is doing what it had been instructed. That’s where we would be spoofing that information as well. The hacker would see from looking at the sensors that acceleration occurred from point A to point B.”
For the ploy to work, an attacker has to be tricked into thinking that HoneyBot’s sensors are in a factory’s robot, not in a trap. HoneyBot might follow an invader’s innocuous commands — to move around, for example — but stop short of causing damage. The Georgia Tech researchers tested their small robot’s ability to fool users in December 2017. Volunteers guided HoneyBot through a maze using a virtual interface; some used illegal shortcuts to finish the maze faster.
But there were no shortcuts, legal or illegal. Software successfully created a false impression that the volunteers were in charge of the robot. In an actual situation on a factory floor, HoneyBot might sit quietly in a corner until a hacker signs on. Then it could start moving and provide a visual alert that the system is under attack.
The Georgia Tech research is supported by the National Science Foundation.