One of the world’s most popular humanoid robots, Pepper, from Japanese tech conglomerate SoftBank, can easily be hacked and turned into a “cyber and physical weapon”, according to Swedish researchers.
Örebro University’s Alberto Giaretta, along with Michele De Donno and Nicola Dragoni of the Technical University of Sweden, have published their findings in a research paper called ‘Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot’. The full paper is available for download here.
Pepper with everything
Unveiled in 2014, the Pepper robots are designed to be emotion-sensing platforms that can work in routine customer-facing roles in shops, hotels, and restaurants. Many are deployed in SoftBank stores, Carrefour supermarkets, shopping centres, Nestlé cafe outlets, and even some airports.
The robots – available in Japan for as little as $2,000 (costs are up to seven times higher in Europe) – have proved extremely popular with Japanese customers, including home buyers. In 2015, early production runs of the machines sold out in seconds.
However, the robot is riddled with serious security flaws, found the researchers, allowing unauthenticated remote control, with no countermeasures against brute-force attacks.
“The results of our experiments are alarming,” says the report. “We were able to steal the login credentials, perform a privilege escalation, and steal data. Moreover, we found out that it is possible to physically command the robot without authentication, use it to spy people and, potentially, even directly harm them.”
If this sounds “scary”, it adds, the reader should be “even more frightened by realising that SoftBank overlooked well-established security best practices and countermeasures. This product is exposed to extremely basic, yet very dangerous, flaws which were easily preventable since the beginning.”
Among the most serious vulnerabilities, Pepper’s admin page is unsecured, with a default root password, and the robot can easily be administered remotely over HTTP, rather than HTTPS. More, it runs a processor that is vulnerable to Meltdown/Spectre attack, allowing malicious code access to the robot’s memory.
The root account’s fixed password is ‘root’ (documented in the user manual), and any superuser command from the terminal would give an attacker full privileges.
Pepper’s API is “astonishingly insecure”, add the researchers. “Pepper exposes an API that enables users to program and command it.
“The APIs are available for a number of different programming languages, such as Python, C++, and Java. Users can operate the robot both through programs stored and run on Pepper itself, and through execution of remote scripts. In the latter case, Pepper APIs enable users to access all the sensors, cameras, and microphones included, as well as all the moving parts it has been equipped with, no exclusions.”
The manufacturer displayed an “evident shallowness, with respect to the security assessment of their device”, continues the report. “We have the feeling that commercial robots get on the market too quickly, evolving from research frameworks to final products without enough security investigation from the manufacturers.”
In November 2017, SoftBank upgraded the robot to accept payments by smartphone or smart cards, suggesting that if the core security vulnerabilities are not addressed by the manufacturer, then hackers might also be able to gain access to customers’ financial details.
Eyes and ears
The findings are certainly alarming, because Pepper’s eyes are cameras and its head also contains a 3D sensor and microphone, meaning that any successful hacker could, via TCP, see and hear whatever the robot does.
The latest upgrade of the humanoid robot allows it to remember customers’ faces and the details of their previous orders.
More, the robot is highly mobile – although humanoid, it moves on wheels – and features human-like arms and hands, meaning that any hacker in charge of the robot could use it to move about, grab things, or even attack someone.
Its chest holds a tablet-like touchscreen display, and researchers found that it was easy to access this remotely to display any kind of file, regardless of type.
“Our final goal is not only to report our findings, but also to highlight that such devices should undergo a stricter security evaluation, before becoming commercial products,” concludes the report. “We strongly believe that, in 2018, selling products that are so easily vulnerable to these kinds of attacks is not tolerable anymore.”
Internet of Business says
The report makes a telling point: “If this product were purely designed for research purposes, the very fact that no authentication is required might be a less worrisome issue.”
However, this apparently innocuous remark may actually reveal the root cause of the security problems.
Originally developed by Aldebaran Robotics in France (now SoftBank Robotics), Pepper runs the same operating system, NAOqi OS, as SoftBank’s other famous humanoid, NAO – as the name implies.
The toddler-sized NAO (pronounced ‘now’) machines were originally developed as research platforms for universities and robotics labs, but are also now commercially available.
This means, of course, that the same vulnerabilities that the researchers found in Pepper almost certainly affect NAO devices too.
There are thousands of NAO robots worldwide, with many now used in schools and colleges. Numerous education and storytelling apps are available for the machines – including for children who are on the autism spectrum – helping pupils to learn about coding and robotics.
The researchers found that Pepper’s admin page has a single user account, called ‘nao’, reinforcing the impression that Pepper is essentially a scaled-up version of NAO in a different case, with added functionality and dedicated apps. So the problem may simply be that the NAO robots’ research lab origins have never been addressed with commercial-grade security.
In pure technology terms, the blame lies with Aldebaran Robotics, which developed the NAO and Pepper machines before being acquired by SoftBank in 2015. However, SoftBank’s acquisition enabled the widespread commercial release of Pepper in Japan that summer.
The fact that SoftBank apparently failed to provide a deep security assessment of the robots it acquired from Aldebaran suggests that it may have put its determination to brand the first production run of Pepper robots ahead of customers’ security.
Also in SoftBank’s portfolio from the Aldebaran acquisition is the Romeo care robot, which is being developed to work alongside elderly and vulnerable people, either in their own homes, or in residential care facilities.
Robots could be seen as the eyes, ears, and hands of the internet, so the concept of a family of robots that are all equally insecure, hackable, and deployable as offensive weapons would be an alarming prospect: remote eyes, ears, and hands in every home, school, care home, or hospital.
So let’s hope that the technologies from SoftBank’s other recent robotics acquisition – Boston Dynamics, maker of the internet’s favourite door-opening robot dogs – don’t share the same security flaws.
Either way, SoftBank needs to take urgent steps to address the security problems of its Pepper and NAO machines, in order to reassure the thousands of robot owners worldwide.
- Read more: NHS to train staff in AI and robotics, says government
- Read more: China’s plans for global robotics dominance gather pace
- Read more: NVIDIA deep learning research helps robots learn in real time
- Read more: Skills: Pupils unprepared for AI and robotics, warns Sage
- Read more: Agtech: How robotics could dig farmers out of Brexit hole