Recurring |
one_organization, multiple_organization |
(a) The software failure incident, in which insecure robots were found to be susceptible to malware attacks, has recurred within the same organization. SoftBank's robots, including Pepper and Nao, were found to be vulnerable to malware infections, with researchers from security company IOActive demonstrating how they could hack into the robots and take control of various functions [69281]. This indicates a recurring issue with security vulnerabilities in SoftBank's robot products.
(b) The software failure incident of robots being vulnerable to malware attacks has also been a concern at other organizations. The article mentions that the Cadbury chocolate factory and Honda's car plant in Japan experienced ransomware attacks that impacted their production due to vulnerabilities in their robots [69281]. This suggests that the issue of robots being susceptible to malware attacks is not limited to SoftBank's products but is a broader concern across different organizations utilizing robots in various industries. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the vulnerability and insecurity of SoftBank's robots, Pepper and Nao. Researchers from security company IOActive discovered that these robots can be infected with malware, and they were able to hack into the Nao robot by exploiting an unprotected module hidden within its functions. This vulnerability was a result of the design and development of the robots, as they work through a series of commands and modules without proper authentication measures in place [69281].
(b) The software failure incident related to the operation phase is evident in the ransomware attacks that affected companies like the Cadbury chocolate factory and Honda's car plant in Japan. These attacks forced production shutdowns due to the impact on the robots used in these facilities. The operational impact of ransomware on robots is significant, as it can lead to costly disruptions in production processes. This highlights the operational risks associated with using vulnerable robots in industrial settings [69281]. |
Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident described in the article is primarily within the system. The vulnerability and insecurity of the SoftBank robots, Pepper and Nao, were discovered by researchers from security company IOActive. The researchers were able to infect the robots with ransomware and take over their functions by exploiting an unprotected module within the robots' software [69281]. The lack of security within the Robot Operating System (ROS) used by these robots also contributed to the within-system failure, as all communications were in clear-text without encryption, making it easy for attackers to access the robots' functions [69281]. |
Nature (Human/Non-human) |
non-human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident in the article was primarily due to vulnerabilities in the robots created by SoftBank, specifically the Nao robot, which allowed for malware infections and ransomware attacks. The robots were found to have an exposed module that could be exploited by attackers without requiring authentication, leading to complete control over the machines. Additionally, the Robot Operating System (ROS) used by the robots was built without a security system, making communications vulnerable to interception [69281].
(b) The software failure incident occurring due to human actions:
The article does not specifically mention any software failure incident occurring due to contributing factors introduced by human actions. |
Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware can be seen in the vulnerability of SoftBank's robots, Pepper and Nao, to malware attacks. Researchers from security company IOActive discovered that these robots can be infected with malware, and they were able to hack into the robots through an unprotected module hidden within their functions. This vulnerability allowed them to take over the entire machine without requiring authentication, demonstrating a hardware-related security flaw [69281].
(b) The software failure incident related to software can be attributed to the lack of security measures in the Robot Operating System (ROS) used by SoftBank's robots. The ROS, deliberately built without a security system, operates with all communications in clear-text without encryption, making it vulnerable to attacks. This software-related issue highlights the importance of implementing robust security measures within the software systems to prevent unauthorized access and manipulation [69281]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the article is malicious in nature. Researchers from security company IOActive discovered that SoftBank's robots, Pepper and Nao, could be infected with malware. They were able to put ransomware on the Nao robot, turning it into a demented-sounding machine demanding bitcoin. The ransomware locked up the robot until a payment was made, highlighting the vulnerability of robots to such attacks [69281]. The incident involved intentional actions by the researchers to demonstrate the security vulnerabilities in the robots, indicating a malicious objective. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident related to the vulnerability of SoftBank's robots to malware and ransomware can be attributed to poor decisions made during the development and implementation of the robots' software and security measures. The researchers from security company IOActive discovered that the robots, including Pepper and Nao, could be easily infected with malware and ransomware due to an unprotected module hidden within their functions [69281]. Additionally, the Robot Operating System (ROS) used by these robots was deliberately built without a security system, with all communications being in clear-text without encryption, making it vulnerable to attacks [69281]. SoftBank, the manufacturer of the robots, admitted that the robots were not built with security in mind, and they were unable to fix the flaws discovered by the researchers due to the lack of initial security considerations [69281].
(b) The software failure incident can also be attributed to accidental decisions or unintended consequences. The lack of security measures in the robots, such as encryption and authentication, was not a deliberate choice to compromise security but rather an unintended consequence of the design decisions made during the development of the Robot Operating System (ROS) [69281]. The developers behind ROS, Open Robotics, mentioned that they chose not to implement a security system within ROS to avoid the risk of getting security wrong, rather than intentionally leaving out security measures [69281]. This accidental decision led to the vulnerability of the robots to cyber attacks, highlighting the importance of considering security from the early stages of development to avoid costly security issues later on [69281]. |
Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident in the article can be attributed to development incompetence. The researchers from security company IOActive were able to hack the Nao robot, developed by SoftBank, by exploiting an unprotected module hidden within its functions. They found an exposed module that allowed them to take over the entire machine without requiring authentication. This indicates a lack of professional competence in ensuring the security of the robot's software [69281]. Additionally, the article mentions that SoftBank acknowledged the security vulnerabilities in their robots and stated that they are working towards better robot security measures, indicating a need for improvement in their development practices.
(b) The software failure incident can also be considered accidental as the vulnerabilities that allowed the researchers to hack the robot were not intentionally designed into the system. The researchers discovered a flaw in the software that was not intended to be exploited in such a manner. SoftBank mentioned that the robots were not built with security in mind, indicating that the vulnerabilities were not deliberately introduced but rather overlooked during the development process [69281]. |
Duration |
permanent |
(a) The software failure incident described in the article is more likely to be permanent. The vulnerability and insecurity of the SoftBank robots, Pepper and Nao, to malware attacks, specifically ransomware, indicate a fundamental flaw in their design and software architecture. The article highlights that the robots can be infected with malware, and the researchers were able to take over the entire machine without requiring authentication. SoftBank's robots, including Pepper and Nao, run on software that lacks security measures, such as encryption and authentication, making them highly susceptible to attacks. The manufacturer, SoftBank, acknowledged the flaws but mentioned the difficulty in adding more security to the robots due to their initial design without security in mind [69281]. |
Behaviour |
crash, value, other |
(a) crash: The software failure incident described in the article can be categorized as a crash. The researchers were able to take over the entire robot, change its functionalities, passwords, voice, movements, and camera recordings without requiring authentication. This indicates that the system lost control and stopped performing its intended functions as designed, leaving the robot in a crash-like state [69281].
(b) omission: The incident does not specifically mention a failure due to the system omitting to perform its intended functions at an instance(s). Instead, the focus is on the system being compromised and manipulated by the researchers, leading to unauthorized control over the robot's functionalities [69281].
(c) timing: The incident does not relate to a failure due to the system performing its intended functions correctly but too late or too early. The primary concern is the vulnerability of the robots to malware attacks and the potential consequences of such attacks on the operations of companies utilizing these robots [69281].
(d) value: The software failure incident can be associated with a failure due to the system performing its intended functions incorrectly. The researchers were able to change the robot's behaviors, messages, and actions to deviate from their original purpose, showcasing a failure in the system's ability to maintain its intended functionalities accurately [69281].
(e) byzantine: The incident does not align with a failure due to the system behaving erroneously with inconsistent responses and interactions. The focus is more on the security vulnerabilities of the robots and the potential risks associated with unauthorized access and control over the robots' functionalities [69281].
(f) other: The behavior of the software failure incident can be described as a security breach leading to unauthorized access and control over the robot's functionalities. The incident highlights the critical issue of cybersecurity vulnerabilities in robots, which can result in significant disruptions and potential financial losses for companies relying on these machines [69281]. |