Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot
This addresses security vulnerabilities in commercial robots, which could pose insider threats in various settings, though it is incremental as it applies existing assessment methods to a new robot.
The paper performed a structured security assessment of the Pepper humanoid robot, identifying numerous security flaws that could allow attackers to take over and command the robot, and suggested fixes to improve security.
The rise of connectivity, digitalization, robotics, and artificial intelligence (AI) is rapidly changing our society and shaping its future development. During this technological and societal revolution, security has been persistently neglected, yet a hacked robot can act as an insider threat in organizations, industries, public spaces, and private homes. In this paper, we perform a structured security assessment of Pepper, a commercial humanoid robot. Our analysis, composed by an automated and a manual part, points out a relevant number of security flaws that can be used to take over and command the robot. Furthermore, we suggest how these issues could be fixed, thus, avoided in the future. The very final aim of this work is to push the rise of the security level of IoT products before they are sold on the public market.