[ROBOTIC] Security vulnerability: state of play of the Pepper Robot

    Danish and Swedish researchers in computer science and autonomous systems recently published a study that reveals multiple security vulnerabilities on Softbank Robotics’ Pepper robot. Commonly used in Nestlé outlets in Japan, this robot has major flaws that have been identified, ranging from the use of non-updated software to high exposure to XSS attacks. The Pepper robot is a robot used by many brands including Nestlé in its shops in Japan and notably for its points of sale for commercial animations and sales support purposes. Although this robot is sold to the general public, it presents important flaws.

According to the researchers, the study demonstrates “an embarrassing number of serious safety problems that show that the manufacturer has largely neglected all kinds of safety assessments before marketing its product”. According to these it would be easily possible for a hacker to usurp user identification information, steal data stored in the robot or access other connected devices that interact with it. According to the researchers, four “high” safety problems were found. They would be linked in particular to “the use of an administration page under HTTP and not HTTPS allowing the theft of identifiers in clear” or to “the absence of countermeasures to brute force attacks to break passwords used for robot programs. »