Security consulting firm IOAcTIve recently launched a test-type concept attack to attack large companies through ransomware. The attack did not encrypt the files on the company or personal computer to obtain data. Instead, the researchers attacked another computer in a new situation, the robot. Robots now have deep application in many fields such as automobile manufacturing and medical treatment. Destroying the working environment of these robots can cause big companies to lose a lot of money every second.
An attack vector depends on how the robot processes the data. Although they usually contain internal storage components, most of the data processed by the robot is still transmitted on a large scale. This means that the robot receives, processes, and then sends the data back to the storage source. This data can include HD video, audio, customer payment information, and instructions for performing current tasks.
The researchers said: "Before paying the ransom, the attacker can target the components of the critical robot instead of encrypting the data."
To prove their theory, the researchers focused their attacks on NAO robots. This is a highly automated robot used primarily in research and teaching, with approximately 10,000 uses worldwide. Its operating system and related vulnerabilities are somewhat similar to those of Softbank's Pepper robots, which are commercial-oriented robots. It has been deployed in more than 20,000 departments of 2000 companies. Even large companies like Sprint have begun using Pepper to help service staff with sales and guidance.
The initial attack is to take advantage of an undocumented feature that allows anyone to execute commands remotely. After that, the researchers disabled the management function, changed the default functionality of the robot, and sent all video and audio information to a remote server on the network. Other steps include increasing user permissions, breaking the factory reset mechanism, and infecting all behavior files. In other words, they can make the robot feel uncomfortable, even the damage on the "body."
By hijacking the robot, the hacker can completely interrupt the service, causing the company to lose money every second. They can even force robots to show customers sexually explicit content, cursing customers in one-on-one interactions, or engaging in violent activities. The only way to reverse this behavior is to succumb to hacking because the cost of paying the ransom may be lower than the cost of repairs.
Considering the situation of privacy and intimacy, this situation even applies to sex robots. Users may spend money on paying hackers, instead of calling technical support to contact customer service directly, and arrange customer service to repair.
"In fact, the price of contacting customer service after sales is not cheap," the report said. “It’s not easy to reconfigure or fix software and hardware problems at the factory. Usually, when a robot fails, you have to return it to the factory or hire a technician to fix it. Anyway, you may have to wait a few weeks. In order to resume normal use."
Withstand high voltage up to 750V (IEC/EN standard)
UL 94V-2 or UL 94V-0 flame retardant housing
Anti-falling screws
Optional wire protection
1~12 poles, dividable as requested
Maximum wiring capacity of 16 mm2
30 amp Terminal Blocks,high quality Barrier Terminal Connector,high performance Polypropylene Terminal Block,Polyamide66 Terminal Blocks,BELEKS T16 series connector terminal
Jiangmen Krealux Electrical Appliances Co.,Ltd. , https://www.krealux-online.com