They call it Herb2. It’s a dapper robot, wearing a bowtie even while it sits at home in its lab at the University of Washington. Its head is a camera, which it cranes up and down, taking in the view of a dimly lit corner where two computer monitors sit.

All perfectly normal stuff for a robot—until the machine speaks: “Hello from the hackers.”

Clear across the country at Brown University, researchers have compromised Herb2. They’ve showed how they can scan for internet-connected research robots in labs and take command—with the blessing of the robot's owners at the University of Washington, of course.

“We could read the camera, essentially spying,” says roboticist Stefanie Tellex. “We could see where its arms were and they were moving. There was a text-to-speak API so we could have the robot mysteriously talk to you.”

[#video: https://www.youtube.com/embed/haQXGn_wOd4&feature=youtu.be

The researchers looked specifically at the Robot Operating System, or ROS, a favorite in robotics labs. Really, the name of it is a bit misleading—it’s more middleware that runs on top of something like Linux. But if you’ve got something like a Baxter research robot, you can use ROS to get the thing to do science. Maybe you want to teach it to manipulate objects, for instance.

So the researchers went a-hunting for robots running ROS that were hooked up to the internet, knowing that the operating system doesn’t come with security built in. Usually, that’s OK, because researchers tend to keep the things on their own secure networks, not a public one like the internet. “When we started work on ROS over 10 years ago we explicitly excluded security features from the design,” says Brian Gerkey, CEO of Open Robotics. “We wanted the system to be as flexible and as easy to use as possible and we didn't want to invent our own security mechanisms and potentially get them wrong.”

But if you connect your ROS-loaded robot to the internet, someone is liable to find it and get in. The Brown researchers used a tool called ZMap to do a scan of nearly 4 billion internet addresses. “What ZMap can do is send a package to every single host on the internet on a certain port and it will see if it gets a response back,” says security researcher Nicholas DeMarinis, of Brown. Different ports handle different services—web traffic is either 80 or 443, for instance, and ROS is on port 11311. “So if we ping every host on port 11311 and we get a response back, that might be something running ROS.”

They ended up finding over 100 instances of ROS, of which about 10 percent were actual robots (others were things like robots running in simulation, not the real world). That might not seem like much, but then again, research robots aren’t typically sitting around powered up and ready to be found all day. “Most people in the research community, they're turning the robot on and then working for a while and then turning it off,” says Tellex. And the researchers only did a few scans over the course of a few months, lest they overwhelm networks and piss people off. “We suspect that if you were scanning at a higher frequency, if we were doing a scan every week, you would find many more robots.”

The robots they did find they could characterize by looking at identifiers associated with a machine’s hardware. So something like “camera_info” would suggest the robot has a camera, and “joint_trajectory” would suggest that it has arms to move. Even more specifically, you might expect “gripper” to signal that the robot has hands. The real giveaway, though? Robots have unmistakable names. “You see the name Baxter, for one,” says DeMarinis. Mystery solved.