Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot

TL;DR

This paper conducts a comprehensive security assessment of the humanoid robot Pepper, identifying vulnerabilities and proposing fixes to enhance IoT security before market release.

Contribution

It provides a structured security evaluation of Pepper, highlighting vulnerabilities and suggesting remediation steps to improve robot security.

Findings

Multiple security flaws identified in Pepper

Vulnerabilities could allow robot takeover

Recommendations for fixing security issues

Abstract

The rise of connectivity, digitalization, robotics, and artificial intelligence (AI) is rapidly changing our society and shaping its future development. During this technological and societal revolution, security has been persistently neglected, yet a hacked robot can act as an insider threat in organizations, industries, public spaces, and private homes. In this paper, we perform a structured security assessment of Pepper, a commercial humanoid robot. Our analysis, composed by an automated and a manual part, points out a relevant number of security flaws that can be used to take over and command the robot. Furthermore, we suggest how these issues could be fixed, thus, avoided in the future. The very final aim of this work is to push the rise of the security level of IoT products before they are sold on the public market.