On the Cyber-Physical Security of Commercial Indoor Delivery Robot Systems
Fayzah Alshammari, Yunpeng Luo, Qi Alfred Chen
TL;DR
This paper addresses the security of Indoor Delivery Robots (IDRs) by performing the first comprehensive cyber-physical security analysis across commercial IDRs. It derives a general architecture from 40 models, identifies potential attack entry points, and conducts an initial experimental assessment of robot-side software using mobile-security tools, uncovering vulnerabilities such as insufficient binary protection and insecure data handling. The study provides a foundation for domain-specific attack class discovery and defense planning, highlighting the need to secure not just robots but also cloud integrations, control systems, and user interfaces. The findings have practical impact for manufacturers, operators, and policymakers seeking to mitigate risks to safety, privacy, and service integrity in indoor delivery ecosystems.
Abstract
Indoor Delivery Robots (IDRs) play a vital role in the upcoming fourth industrial revolution, autonomously navigating and transporting items within indoor environments. In this work, we thus aim to conduct the first security analysis of the IDR systems considering both cyber- and physical-layer attack surface and domain-specific attack goals across security, safety, and privacy. As initial results, we formulated a general IDR system architecture from 40 commercial IDR models and then performed an initial cyber-physical attack entry point identification. We also performed an experimental analysis of a real commercial IDR robot-side software and identified several vulnerabilities. We then discuss future steps.