If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications. Some of the risks discussed in this series may be over the top and even comical while others may highlight realistic problems you may not have considered.

In this post I’ll be looking at the Artie 3000 Coding Robot from Educational Insights. The Artie 3000 is a small robotic vehicle equipped with a pen for drawing. The robot is programmed via WiFi and can move forward or backward specified distances, rotate a specified number of degrees, and raise or lower the pen. Some readers may already be familiar with this as a form of turtle graphics. My first introduction to this concept was with a Logo programming language on the Apple IIe at school. I fondly remember typing out long lists of instructions and watching in amazement as the little on-screen turtle darted around the screen gradually drawing out whatever spirograph-esque pattern was described by the algorithm. The Logo programming language, which dates back to 1967, has many implementations aimed at introducing students to concepts of logic and programming. Artie 3000 continues in this tradition by allowing the user to create real-world turtle graphics using a variety of visual and textual programming languages.

Threat

Artie 3000 does not handle sensitive data (beyond perhaps a Wi-Fi passphrase) or pose any physical threat. This greatly reduces, but does not completely eliminate, Artie’s attack surface. A compromised robot could be used as a beachhead to deliver malware or exploits to connecting clients or