![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
In an interesting blog post from IOActive, they have created a proof of concept ransomware attack on robots. Robots are getting more and more common, in businesses, homes, and schools. The SoftBank Pepper robot has over 20,000 units in use in businesses, and the NAO has over 10,000. These robots are also very expensive, and very hard to fix, making them prime for a ransomware attack, physically attack customers or workers, or perhaps just use the integrated screen to play pr0n for a classroom.
One of the attack methods is quoted below, and it's a little troublesome that SoftBank has had over a year, and still have not patched it. Once again, even if robots are still under human control, they will kill us ALL.
Exploit an undocumented function that allows remote command execution. This vulnerability is being disclosed to the public today. Even though SoftBank was notified January 2017, we aren’t aware of any fix available yet. This undocumented function allows executing commands remotely by instantiating a NAOqi object using the ALLauncher module and calling the internal _launch function.
One of the attack methods is quoted below, and it's a little troublesome that SoftBank has had over a year, and still have not patched it. Once again, even if robots are still under human control, they will kill us ALL.
Exploit an undocumented function that allows remote command execution. This vulnerability is being disclosed to the public today. Even though SoftBank was notified January 2017, we aren’t aware of any fix available yet. This undocumented function allows executing commands remotely by instantiating a NAOqi object using the ALLauncher module and calling the internal _launch function.