By Morgan T. McCulley
Softbank is an electronics company that develops mobile devices and robots. It is based in Japan and provides services such as internet, energy and online software. Its devices include iPhones, iPads, Apple Watch, smartphones, etc. It even has its own card service and sells accessories for the phones. Its biggest achievements are in robotics, where it made Pepper and Nao.
Pepper and Nao are customer service robots that are now being used in stores and hotels worldwide. Pepper was introduced to the world in 2017 at CES by Softbank, the Japan-based telecommunications company. Pepper is a humanoid machine that can evaluate your mood, move around and talk, and is now found in places around the world, such as malls and airports.
Softbank also made Nao, which runs on the same programming. However, security company IOActive researched these robots and found that they were easily infected with malware and ransomware. These robots are no more protected than factory robots, which can also be easily hacked. Unprotected modules in many of the robots' functions make hacking easy, and attackers can affect whatever functions of the robot they want, such as its movement and speech. This means hackers can make the robots do or say anything they want. The exposure also includes the passwords to access the robots' functions, file executions and what the robot records. Only one unprotected section is needed to take over the whole robot, and no authentication is required.
This was presented at the Kaspersky Security Analyst Summit in Cancun, Mexico by Lucas Apa and Cesar Cerrudo, the IOActive researchers who discovered these security issues. In the beginning, they said, “A robot is just a computer with arms, legs, and wheels. You can program it to do anything.” They showed just how flawed these robots are. The attacks applied to all the robots since they share programming. For example, they use tools from Open Robotics. Its ROS tools have no built-in security, and developers have now been advised to use their own security measures. The researchers also said that all they need to access the module is to be on the same Wi-Fi network. Since most of the robots work in public places with public Wi-Fi, this is very likely to occur. Putting them on a private network would help but cannot stop the problem altogether, since hacking for Wi-Fi passwords is possible.
Spokesman Tim Smith from Open Robotics said the tools were “deliberately built without a security system” and “we explicitly chose not to implement our own security system within ROS because it would be worse to risk getting security wrong than to leave it out completely.” He also said that all communications are in clear text, without any encryption, and can be accessed by anybody on the same network. Open Robotics is now making a ROS 2 with built-in security, encryption, and authentication.
This indicates a lot of big problems for the future of robotic technology. Furthermore, these problems are much worse for robots than for computers. Computers have security programs to stop this type of attack and can be backed up. Meanwhile, the problem is much more complex to solve in a robot, since its code has many more layers and requires more lines to work. It would also cost companies millions in repairs, as ransomware attacks have temporarily shut down production for companies like Cadbury and Honda.
Softbank spokesman Yusuke Abe stated in an email, “When in use of Pepper, we ask to maintain the Wi-Fi network security, and also to set the robot passwords correctly. We will continue to improve our security measures on Pepper so we can counter any risks we may face.” They are now working on better robot security measures.
Cerrudo added that the Japanese manufacturer said it couldn’t fix the flaws their researchers discovered because the robots weren’t built with security in mind. “It’s not easy for them to now add more security to them. Companies should think about security from day one. Because it’ll be more difficult and costly later on.”