A vulnerability detected in Softbank Robotics’ NAO and Pepper robots can cause expensive ransomware attacks. These attacks can lead robots applied in businesses to stop working or perform inappropriate movements.
The flaw was revealed by Kaspersky Lab’ Security Analyst Summit by IOActive Labs back in January 2017. However, Softbank is not aware of any available patches.
According to researchers at IOActive Labs, the flaw can potentially allow cybercriminals target sensitive in-transit data that was collected on the robot, including video feed, audio records, payments or other business-related information. These ransomware attacks can cause serious financial damage.
It stands to reason, then, that service and/or production disruption is another strategy for attackers. Instead of encrypting data, an attacker could target key robot software components to make the robot non-operational until the ransom is paid.
The NAO and Pepper robots retail for about $10,000 and are one of the most popular research and education robots in the world: about 20,000 Pepper robots and approximately 10,000 are used worldwide. These robots are deployed in education, businesses, retail and industrial space. For instance, Sprint uses Pepper robots to assists customers at its US stores.
IOActive Labs has built a PoC in order to demonstrate the vulnerability. PoC targeted Softbank Robotics’ NAO robot that is also available to be applied to the Pepper robot. The company also exploited an undocumented feature which allows remote command execution, in order to deploy ransomware.
IOActive Labs noted that “This undocumented function allows executing commands remotely by instantiating a NAOqi object using the ALLauncher module and calling the internal _launch function.”
Further, researchers infected module files in order to adjust robot default settings, disable administration functions, record audio, and video files and send it to a C2. Then, cybercriminals are able to elevate privileges, adjust SSH options, change root passwords. In addition, cybercriminals are able to disrupt the factory reset mechanism, so users will not be able to uninstall the ransomware and restore the system.
What is more, cybercriminals are able to infect all behavior files, including custom code, by notifying infection to command and control servers.
IOActive Labs also added that the robot can be adjusted in malicious ways and do not change the project file.
What’s more concerning is that robots can also make movements. This ransomware could potentially compromise the robots and threaten human life if it could randomly hit out at an employee in the business.
Ransomware attacks are very effective with vulnerable robots due to the high cost and easy set-up. In addition, robot ransomware cannot be easily removed. IOActive also noted the security importance of security improvements to minimize the ransomware threat.