Softbank Pepper robot discovered to have extensive security vulnerabilities

SoftBank's Pepper robot has significant security issues, notably unauthenticated administrative capabilities, according to a paper published by a group of researchers. 

Alberto Giaretta of Sweden's Örebro University and Michele De Donno and Nicola Dragoni of the Technical University of Denmark found that the Pepper anthropomorphic robot suffered from significant security vulnerabilities, including allowing for unauthenticated root-level access, having a default root password, being susceptible to brute-force attack as it did not have any protections against unlimited password attempts.

The researchers alleged that SoftBank Robotics 'extensively neglected any sort of security assessments before commercializing their product', and that it would be 'a breeze to remotely turn [Pepper] into a 'cyber and physical weapon', exposing malicious behaviours'.

➕ June 2021. Production of Pepper was stopped due to weak demand.

Research, advocacy 🧮

• Giaretta A. et al. Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot

News, commentary, analysis 🗞️

• https://www.techrepublic.com/article/softbank-invested-almost-nothing-in-pepper-robot-security-creating-huge-business-risk/

• https://www.theregister.com/2018/05/29/softbank_pepper_robot_multiple_basic_security_flaws/

• https://internetofbusiness.com/softbank-pepper-robot-astonishingly-insecure-and-a-cyber-weapon/

• https://www.lemondeinformatique.fr/actualites/lire-le-robot-pepper-nid-a-vulnerabilites-de-securite-71896.html

• https://www.heise.de/security/meldung/Roboter-Pepper-kaempft-mit-massiven-Sicherheitsproblemen-4060743.html

• https://www.golem.de/news/roboter-pepper-ist-voller-sicherheitsluecken-1805-134648.html

• https://www.techzine.nl/nieuws/security/405204/pepper-de-menselijke-robot-is-eenvoudig-te-hacken