Hackers remotely take control of wheeled surveillance robots at Russian airport

A cybercriminal group claims to have compromised the systems of a robotics company specializing in surveillance solutions around the world. Identified as CaucasNet, the group shared via Twitter some screenshots of an allegedly compromised web portal, used as a control panel for surveillance robot vehicles at Sheremetyevo International Airport in Russia.

These Tral Patrol 4.0 devices, unmanned vehicles for ground surveillance, are designed for outdoor patrol due to their intelligent video surveillance system, which automatically scans the areas predetermined by their administrators. Affected devices are developed by SPM Robotics.

An alleged member of CaucasNet was interviewed by Daily Dot, claiming that hackers detected a critical vulnerability in the online administration panel to control these devices, which allowed them to take control of this technology.

The post includes a video that appears to prove the hackers’ claims. In this footage, you could see how the Tral Patrol devices were controlled by an unknown actor while the Ukrainian national anthem was played in the background.

The footage suggests that the attackers used one of the robots to communicate with an unknown English-speaking actor. Due to the appearance of the Ukrainian anthem, and the location of the incident, investigators believe that this could be a type of protest against the Russian military invasion into Ukrainian territory.

Representatives at Sheremetyevo International Airport declined to confirm or deny whether any of its robots had been compromised. SMP Robotics has also not issued any statements on the matter.

Cyberattacks against critical infrastructure in Russia have been a constant in the context of the invasion of Ukraine; A few weeks ago, a hacking group allegedly linked to Anonymous gained access to dozens of CCTV systems, sharing a message against the Russian president: “Putin is killing children,” the compromised monitors read.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.