Softbank's Pepper robot raises security risks
Study shows Pepper robot has multiple security flaws making it easy to take over
Softbank's Pepper robot, a favourite of robotics projects in the region, is riddled with security holes.
A team of security researchers has discovered multiple vulnerabilities in the robot, which could be used to take control of many of its systems, the Register reports.
Pepper, from Softbank, has become a familiar fixture at exhibitions and trade fairs, and has also been utilised in a number of pilot projects for customer-facing robotics projects.
Researchers from the Technical University of Denmark and Orebro University in Sweden have published a paper detailing a number of flaws in the robot.
Among the issues Pepper suffers from is allowing unauthenticated root access and default root passwords. The Pepper API can be accessed remotely, with no apparent protection, which would provide an attacker with access to the robot's sensors, cameras, microphones, and moving parts.
The robot is also running a processor which vulnerable to the Spectre/Meltdown exploits.
The researchers said that they aimed to conduct a detailed security assessment of Pepper. The testing showed it was "extremely easy to take over and command it".
"The results of our experiments are alarming. We were able to steal the login credentials, perform a privilege escalation, and steal data. Moreover, we found out that it is possible to physically command the robot without authentication, use it to spy [on] people and, potentially, even directly harm them," wrote the researchers, Alberto Giaretta Michele de Donno, Nicola Dragoni, in the introduction to the paper.
"If this sounds scary, the reader should be even more frightened by realizing that SoftBank overlooked well-established security best practices and countermeasures. This product is exposed to extremely basic, yet very dangerous, flaws which were easily preventable since the beginning."
The research team suggest that in future, all commercial robots like Pepper should undergo thorough security evaluation before they are put on sale.
hacked robot, used for instance in a private home or even worse in
a public space, like an airport, can have tremendous consequences
for the safety of human beings, especially when it is a breeze to
remotely turn it into a "cyber and physical weapon", exposing ma-