Security bods exploit flaws in Pepper the robot to bork it with ransomware

IF BEING possessed by a manic Amazon Echo has got you freaked out – don’t worry, the humans are fighting back.

This week saw the first demonstration of Pepper, the annoyingly chirpy robot, being infected with malware in a proof of concept.

A paper from security company IOActive entitled “Robots Want Bitcoins Too!” shows how robots like Pepper (yeah, the Buddhist funeral one) and NAO, both commercially available and both made by SoftBank, can be targeted by ransomware.

“It’s no secret that ransomware attacks have become a preferred method for cybercriminals to get monetary profit by encrypting victim information and requiring a ransom to get the information back,” said Lucas Apa, senior security consultant at IOActive.

“Knowing that, we decided to conduct a proof-of-concept ransomware attack on the NAO robot, leveraging vulnerabilities we uncovered in our prior research in 2017. What we found was pretty astonishing: ransomware attacks could be used against business owners to interrupt their businesses and coerce them into paying ransom to recover their valuable assets.

“The robots could also malfunction which may take weeks to return them to operational status. Unfortunately, every second a robot is non-operational, businesses and factories are losing lots of money.”

By injecting custom code into behaviour file classes, researchers were able to alter the robot’s behaviour. Using this technique, they explained that it would be possible to bork the robot completely, or do something mischievous like teach it bad language, put dinkle-pics on its display, or even Kill All Humans…

“Even though our proof of concept ransomware impacted SoftBank’s NAO and Pepper robots, the same attack could be possible on almost any vulnerable robot,” added Apa.

“Robot vendors should improve security as well as the restore and update mechanisms of their robots to minimize the ransomware threat. If robot vendors don’t act quickly, ransomware attacks on robots could cripple businesses worldwide.”

SoftBank was informed of the glitches in January but, as yet, has made no comment about fixes.

