Shortly on the heels of a previous study, which identified some 50 vulnerabilities and malware in robots from a range of robotic vendors, IOActive’s Cesar Cerrudo and Lucas Apa altered the code of the humanoid NAO robot by SoftBank Robotics. In a blog titled "Robots Want Bitcoins too!" they said the same would work on Pepper robots, since they have the same operating system.
The researchers found that these AI products are exceptionally vulnerable to ransomware attacks; such attacks could cripple businesses and even coerce their owners into paying a ransom, notably in Bitcoin, to "recover their valuable assets."
The attacker could achieve this without physically approaching the robot. The hijacker need only gain access to the Wi-Fi network the machine is on. Alternatively, attackers may compromise a computer connected to the same Wi-Fi network as the robot and conduct the attack from the hacked computer.
In the proof-of-concept attack, the researchers uploaded ransomware to a NAO robot. According to the press release, having introduced custom code "into any behavior file classes," they rendered the robot malicious and made it fly off the handle.
The infected robot showed hardcore pornographic content and swear words on its chest tablet, moved chaotically, and was unable to operate normally until a Bitcoin ransom was paid.
On top of that, the infected robot may be just the tip of the iceberg and serve as an easy entryway into other networks at a business, allowing hackers to penetrate them and steal data. The economic implications of ransomware attacks on robots are huge, even greater than those of regular ransomware, the researchers warned in their blog.
Most notably, it can take quite a while to ship $10,000 robots back to the developer, SoftBank, for repairs. It may be easier and more sensible to pay a ransom and return the machine to service without delay, the researchers argue:
"Businesses lose money every second robots are non-operational — whether through lost revenue, production and/or repair costs. Paying a ransom to quickly get the robots working again could be cheaper than the alternative."
This is also the case with sex robots, where sending robots for repairs would ruin one’s privacy and lead to emotional burnout.
"In the special case of sex robots, where privacy and intimacy are a primary user concern, the lack of discretion when contacting technical support, arranging pickup and calling customer care, could incentivize users to pay a ransom for the return of a robot to avoid dealing with the emotional fallout."
SoftBank Robotics has sold over 30,000 of these pricey robots to date: 20,000 Pepper machines are currently being used in businesses, such as Sprint, as automated retailers, while 10,000 NAO robots are used as education and research tools. Though the company was promptly informed about the vulnerabilities, no flaws have been fixed so far.