According to The Register, researchers in Sweden found that the root password of the Pepper robot, which SoftBank started selling three years ago, was simply and crudely set to four letters and was printed in the user's manual. It was also hard-coded: the user cannot change the password, but hackers can walk right in with it and then control the robot.
Of course, to take full control of the robot, hackers also need other components to "cooperate".
SoftBank's hardware and software settings happen to be very "cooperative":
There is a problem with Pepper's processor, and it takes nothing more than the uname -a terminal command to find it. Incidentally, Pepper's processor is a 2013 Intel Atom E3845, which was hit at the beginning of the year by the Meltdown/Spectre vulnerabilities.
The Pepper robot's API provides access to its sensors, cameras, microphones, and moving parts. Specific functions are written in Python, C++, and Java. At the same time, SoftBank has not deployed any measures against brute-force attacks. Pepper is exposed on port 9559, which accepts TCP messages. The service responds accordingly: as long as a message complies with the API, Pepper accepts packets from the sender without requiring authentication.
Pepper robots can also be managed via unencrypted HTTP. On this point, the researchers who found the problems feel that SoftBank has lowered the IQ of the entire CS community:
"We firmly believe that in 2018, sales of products that are so vulnerable to such attacks are simply intolerable. Authentication over unencrypted communication channels is one of the most serious mistakes that software developers can make. Computer undergraduates understand that this mistake should be avoided, but it is regrettable that this problem has even appeared in the sale of commercial products."
In addition to these security issues, the researchers also discovered other bugs in Pepper:
One example is the application SimpleAnimatedMessages (SAM), which controls the walking of the robot. It can implement a simple layout to make Pepper move, and its messages can be spoken through a text-to-speech service and displayed on the robot's screen.
However, this program does not check file extensions, so users can even upload text in picture format. Can you imagine a .txt file renamed to .jpg or .png being uploaded and executed?
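The missing check described above, as an added example that is not from the researchers or SoftBank: a server-side upload filter that compares the claimed .jpg/.png extension with the file's leading bytes. The function name check_upload and the sample files are assumptions made for illustration.

```python
"""Added example: server-side check that an uploaded "image" really is one."""
import os

# Magic-byte signatures for the image types the upload form is meant to accept.
SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}


def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an uploaded file.

    The extension is only a claim made by the client; the decision is based
    on the leading bytes of the content matching that claim.
    """
    # Drop any client-supplied directory components before looking at the name.
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if ext not in SIGNATURES:
        return False, f"extension {ext or '(none)'} not allowed"
    if not any(data.startswith(sig) for sig in SIGNATURES[ext]):
        return False, f"content is not a {ext} image"
    return True, "ok"


# Constructed sample uploads (hypothetical, not taken from the research).
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR"
JPEG_HEADER = b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF\x00"
SAMPLES = [
    ("photo.png", PNG_HEADER),
    ("photo.jpg", JPEG_HEADER),
    ("notes.jpg", b"plain text renamed to look like a picture\n"),
    ("notes.png", b"#!/bin/sh\necho constructed sample\n"),
    ("photo.png", JPEG_HEADER),  # extension and content disagree
    ("readme.txt", b"hello\n"),
]

if __name__ == "__main__":
    for fname, blob in SAMPLES:
        print(fname, check_upload(fname, blob))
```

A signature match is a minimum bar: fully decoding the image and storing uploads where nothing can execute them are the stronger follow-up controls.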
Hacker Controls Pepper
Ordinarily, hackers who manipulate a computer system control only software, but Pepper is different. It is a robot with feet and ears.
If a hacker controls Pepper, they may sneak into your life, monitor your privacy, and even trick you into saying your Alipay password.
The most frightening thing is that you do not know whether the hackers will control Pepper's hands and feet to launch physical attacks on you. Having a robot hold a knife to your neck is not a good experience.