Posted by rgmekanic 1:24 PM (CDT)
Monday March 12, 2018
In an interesting blog post, IOActive describes a proof-of-concept ransomware attack they have created for robots. Robots are getting more and more common in businesses, homes, and schools. The SoftBank Pepper robot has over 20,000 units in use in businesses, and the NAO has over 10,000. These robots are also very expensive and very hard to fix, making them prime targets for a ransomware attack. An attacker could also have them physically attack customers or workers, or perhaps just use the integrated screen to play pr0n for a classroom.
Exploit an undocumented function that allows remote command execution. This vulnerability is being disclosed to the public today. Even though SoftBank was notified January 2017, we aren’t aware of any fix available yet. This undocumented function allows executing commands remotely by instantiating a NAOqi object using the ALLauncher module and calling the internal _launch function.