Robots are prone to privacy leaks despite encryption

Researchers at the University of Waterloo have found that robots can pose serious privacy risks, even when their communications are encrypted. The study revealed that hackers can monitor encrypted network traffic and still identify what a robot is doing with remarkable accuracy. In experiments with a Kinova Gen3 robotic arm, the team showed that by analyzing subtle timing patterns in command data, hackers were able to detect specific tasks such as pouring water, pushing a button, or opening a drawer, with up to 97 per cent accuracy. This discovery raises significant concerns for industries and healthcare, where robots are increasingly used to assist with sensitive operations and handle private information. The researchers emphasize that simply encrypting communications is not enough to guarantee privacy, as underlying traffic patterns can still give away critical details. To address these risks, the team recommends implementing additional safeguards, including modifying robotic APIs to conceal action patterns and applying traffic-shaping algorithms to disguise data flow. These methods could help prevent attackers from learning sensitive information through indirect observation. The research highlights the importance of rethinking security practices as robotics becomes more deeply integrated into daily life and critical sectors. Their findings earned the Best Research Paper Award at the 20th International Conference on Availability, Reliability and Security (ARES 2025), underscoring both the urgency and impact of their work.