惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Last Watchdog
The Last Watchdog
博客园_首页
Martin Fowler
Martin Fowler
S
SegmentFault 最新的问题
美团技术团队
小众软件
小众软件
V
V2EX
博客园 - Franky
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
The GitHub Blog
The GitHub Blog
Microsoft Security Blog
Microsoft Security Blog
Attack and Defense Labs
Attack and Defense Labs
S
Security Affairs
Simon Willison's Weblog
Simon Willison's Weblog
I
Intezer
T
The Exploit Database - CXSecurity.com
有赞技术团队
有赞技术团队
S
Schneier on Security
人人都是产品经理
人人都是产品经理
Security Archives - TechRepublic
Security Archives - TechRepublic
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
K
Kaspersky official blog
PCI Perspectives
PCI Perspectives
AI
AI
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
罗磊的独立博客
O
OpenAI News
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
The Register - Security
The Register - Security
V
Vulnerabilities – Threatpost
GbyAI
GbyAI
博客园 - 【当耐特】
C
Cisco Blogs
大猫的无限游戏
大猫的无限游戏
Help Net Security
Help Net Security
Google DeepMind News
Google DeepMind News
S
Securelist
Application and Cybersecurity Blog
Application and Cybersecurity Blog
P
Proofpoint News Feed
博客园 - 三生石上(FineUI控件)
雷峰网
雷峰网
L
LangChain Blog
SecWiki News
SecWiki News
博客园 - 叶小钗
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V2EX - 技术
V2EX - 技术
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
J
Java Code Geeks
L
LINUX DO - 热门话题
Cisco Talos Blog
Cisco Talos Blog

The Register - Security: Research

www.theregister.com Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data Nobody needs Mythos or 0-days to build a chaos-causing computer worm – free open source models work just fine ChatGPT blindly trusts browser content, turning the page into a payload Russia-linked threat group put ChatGPT to work from lure to payload Kids can bypass some age checks with a drawn-on mustache What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia ORNL builds more sensitive GPS interference detector Researchers find sabotage malware that may predate Stuxnet Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Anthropic, Google, Microsoft paid AI bug bounties – quietly Security reserchers tricked Apple Intelligence into cursing Don't open that WhatsApp message, Microsoft warns Security boffins harvest bumper crop of API keys from web Lightning-fast exploits mean patch fast, says Cisco Talos AI agents are 'gullible' and easy to turn into your minions Smooth criminals talking their way into cloud environments, Google says Snoops plant info-stealing malware on iPhones, Google warns Cybercrime up 245% since the start of the Iran war Rogue AI agents can work together to hack systems Fake applicants are sending security-killing malware AI agent hacked McKinsey chatbot for read-write access Kaspersky: No signs Coruna iPhone exploit kit made by US Perplexity Comet browser hole was exploitable via cal invite DEF CON hackers 'fed up with government,' Jake Braun says DEF CON hackers 'fed up with government,' Jake Braun says Ransomware payments cratered in 2025 – attacks did not Ransomware payments cratered in 2025 – attacks did not Claude's collaboration tools allowed remote code execution AI takes a swing at online anonymity Fake 'interview' repos lure Next.js devs into running secret-stealing malware Threat intelligence supply chain is full of weak links AI agents abound, unbound by rules or safety disclosures RAT disguised as an RMM costs crims $300 a month Android malware taps Gemini to navigate infected devices Posting AI caricatures on social media is bad for security Payroll pirates conned the help desk, stole employee’s pay Microsoft boffins show LLM safety can be trained away For the price of Netflix, crooks can rent AI crime ops For the price of Netflix, crooks can rent AI crime ops Fast Pair, loose security: Bluetooth accessories open to silent hijack Fast Pair flaw exposes Bluetooth devices to hijacking A simple CodeBuild flaw put every AWS environment at risk A simple CodeBuild flaw put every AWS environment at risk DeadLock ransomware uses smart contracts to evade defenders Python libraries in AI/ML models can be poisoned w metadata OpenAI patches déjà vu prompt injection vuln in ChatGPT Fake Windows BSODs check in at Europe's hotels to con staff into running malware Hotel staff tricked into installing malware by bogus BSODs Your car’s web browser may be on the road to cyber ruin China's Ink Dragon hides out in European government networks Browser 'privacy' extensions have eye on your AI, log all your chats NCSC finds cyber deception tools work, if deployed right 10K Docker images spray live cloud creds across the internet 'Botnets in physical form' are top humanoid robot risk Apache warns of 10.0-rated flaw in Tika metadata toolkit Novel clickjacking attack relies on CSS and SVG 'Exploitation is imminent' of max-severity React bug Swiss government bans SaaS and cloud for sensitive info Scattered Lapsus$ Hunters stress testing Zendesk weak spots HashJack attack shows AI browsers can be fooled with '#' New ClickFix attacks use fake Windows Updates to swipe creds Years-old bugs in open source took out major clouds at risk LLM-generated malware improving, but not operational (yet) 3.5B WhatsApp users' info scooped through enumeration flaw 3.5B WhatsApp users' info scooped through enumeration flaw 50k more ASUS routers pwned by evolving Beijing-linked op Overconfidence is the new zero-day as teams stumble through cyber simulations LLM side-channel attack could allow snoops to guess topic Landfall spyware used in 0-day attacks on Samsung phones MIT Sloan shelves paper about AI-driven ransomware Security hole slams Chromium browsers - no fix yet OpenAI Atlas Browser tripped up by malformed URLs Devs of VS Code extensions are leaking secrets en masse Chatbots that butter you up make you worse at conflict Tile trackers leak unencrypted Bluetooth data, say boffins Beijing's RedNovember hacked critical US, global orgs Lazarus RAT code resurfaces in North Korean IT-worker scams Suspected Chinese spies broke into 'numerous' enterprises Deepfaked calls hit 44% of businesses in last year: Gartner Kaspersky: RevengeHotels returns with AI-coded malware Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack HybridPetya ransomware dodges UEFI Secure Boot
'Botnets in physical form' are top humanoid robot risk
2025-12-09 · via The Register - Security: Research

INTERVIEW Imagine botnets in physical form and you've got a pretty good idea of what could go wrong with the influx of AI-infused humanoid robots expected to integrate into society over the next few decades.

Morgan Stanley recently predicted robot revenue could surpass $5 trillion by 2050, and firms including Unitree Robotics, Agility Robotics, and Engineered Art, along with major carmakers including BMWToyota, Tesla, and Hyundai (which also owns Boston Dynamics), are all developing humanoid robots.

These bipedal machines and their four-legged friends are slated for use on the battlefield and in law enforcement operations, in labs and academia, plus warehouses and manufacturing facilities. As such, building security into these robots "is imperative," Joseph Rooke, risk insights director at Recorded Future's Insikt Group, told The Register.

REG AD

With 3 billion of these robots in use by 2060, according to BofA Global Research's forecast, the worst-case scenario from a security perspective would be "an I, Robot situation with no coming back," Rooke said in an interview. "Botnets in a physical form is now."

REG AD

In a report published Tuesday, Rooke outlines the potential fallout of not taking these precautionary measures immediately, and predicts a whole new industry dedicated to securing these robots will likely emerge in the next decade.

This isn't just the stuff of Hollywood or sky-is-falling security vendors either.

Researchers in late September published technical details about a working proof-of-concept hack that exploited multiple security flaws – hardcoded cryptographic keys, trivial authentication bypass, and unsanitized command injection – in Unitree Robotics' Bluetooth Low Energy (BLE) Wi-Fi configuration interface used by the Chinese company's humanoid robots.

"What makes this particularly concerning is that it's completely wormable – infected robots can automatically compromise other robots in BLE range," wrote Víctor Mayoral-Vilches, Andreas Makris, and Kevin Finisterre. "This vulnerability allows the attacker to completely take over the device."

Three factors combine to form the "perfect storm" for these embodied AI systems, according to Rooke.

"First: we already use robotics, we've been using robotics in factories for a long time, and now we're developing walking ones," he said. 

You've got robotics, you've got AI, and now you've got the need. It's the perfect storm for this to just skyrocket

"The second thing is, we've got the means for these embodied things to learn, so their sensors and their hearing devices can now learn the same way that you train an AI in a server box where it's contained."

The third factor has to do with the global population decline combined with an aging population, which is expected to lead to labor shortages and many countries turning to technology in general – robots in particular – to boost productivity.

REG AD

"You've got robotics, you've got AI, and now you've got the need," Rooke said. "It's the perfect storm for this to just skyrocket."

Like with any internet-connected devices, robots are vulnerable to cyberattacks in the form of hijacking, data leaks, and long-term espionage and IP theft, putting not only the users of these machines at risk but also the companies (and their suppliers) that make humanoid robots.

While Recorded Future hasn't publicly reported any robotics firm breaches, its threat hunters have been tracking RedNovember (Microsoft calls this crew Storm-2077) and other Chinese government-sponsored spy groups that target defense, electronics, and manufacturing companies.

"I don't have specific evidence of them going after robotics, although absolutely it's their MO,"  Rooke said. "If your sector is listed in China's 15th five-year plan, you're basically being given a heads-up." 

The most recent five-year plan puts a big emphasis on AI and smart robots and their role in economic growth.

However, as Russia (with limited success thus far) and other nations put more resources into humanoid robot R&D, "espionage makes sense in terms of the dangers that the actual robots themselves face," according to Rooke.

Along similar lines, if your company supplies critical components to a firm developing advanced robots, consider your firm at risk of being targeted in a larger supply chain, he added.

There's also potential security risks for consumers as home-helper humanoid robots like Neo hit the market, and to that end Rooke says it's likely to be the consumer's responsibility to update the robots' software, similar to what happens after someone buys a laptop. "It's my job to update my Mac, or I am liable for problems if I get hacked because I haven't updated it," he explained. "The same thing could happen with some of these robots."

REG AD

Additionally, he expects to see a new crop of companies specifically designed to secure humanoid robots emerge – so put that on your RSAC bingo card for 2030 and beyond. These machines are essentially IoT devices, Rooke said.

But they've also got embedded AI systems. And unlike other big, heavy IoT machines – like a connected refrigerator that tells you when you're running low on milk – these robots walk on two feet, and come equipped with "eyes" and "ears" that presumably could be co-opted for all manner of nefarious purposes.

Rooke says it's pretty speculative at this point what humanoid robot security startups will look like, but he has one guess: "IoT on steroids." ®