No risk to customers from Pepper robot, says Emirates NBD
Emirates NBD deployed Softbank robot, which has been found to have security flaws, in customer service role
Emirates NBD has assured customers that its Pepper robot assistant has not compromised bank accounts or personal data.
A research paper published on 10th May reported that the robot, which is in use with a number of organisations in the UAE, has several serious security flaws which could make it vulnerable to hackers.
The UAE bank adopted the robot for customer service usage in 2016, with a number of the robots deployed at branches around the country.
A company spokesperson told itp.net that Pepper had only been used in non-critical customer support roles, including presenting product information and issuing queue tokens. The robot also has a happiness meter to gather feedback.
"We use Pepper for marketing engagement purposes and to provide assistance with issuing queueing tokens at some of our branches. We have not linked Pepper to individual customer accounts or any customer data. We continue to proactively manage the risks on all our technology investments and will adjust our approach accordingly," the Emirates NBD spokesperson said.
The security research team from two Scandinavian universities tested the Pepper robot, and found a number of basic problems with its cybersecurity, including unsecured logins and root access. The researchers reported that they "were able to steal the login credentials, perform a privilege escalation, and steal data. Moreover, we found out that it is possible to physically command the robot without authentication, use it to spy [on] people and, potentially, even directly harm them".
Softbank Robotics said in a statement that although it is urging customers to update their WiFi network security and passwords, the security testing was actually done an earlier model of the robot. The company said a previous report by IOActive had already revealed these issues.
"When in use of Pepper, we ask to maintain the WiFi network security, and also to set the robot passwords correctly. We will continue to improve our security measures on Pepper, so we can counter any risks we may face. The new version of Pepper, released this month, strengthens Pepper's security and corrects a lot of these problems," the company said in a statement.
The Pepper robot has gained popularity in the region in recent years, and was a common sight at GITEX Technology Week 2017. In November last year, the Dubai Electricity and Water Authority (DEWA), which announced it would deploy five robots to its Customer Happiness Centres.