Pepper is a human-shaped robot that is designed to be a genuine day-to-day companion. According to Softbank Robotics, “Pepper is the first humanoid robot capable of recognising the principal human emotions and adapting his behaviour to the mood of his interlocutor.” Therefore Peppers primary use in healtcare is to be used in nursing homes to entertain the elderly, doing puzzles with them, playing music and passing the time when the caregivers are busy with other tasks.
There had been isolated reports of Pepper hacks in the past. The current study, however, focused on the safety of the robot – and paints a devastating picture.
For example, Pepper offers users a simple web interface for administrative tasks. Access is granted via an unsecured HTTP instead of encrypted HTTPS connection, so attackers can easily steal information such as standard user credentials. Worse, Pepper uses a default password for root privileges, which is relatively difficult to change. In many cases, an attacker could easily gain full access to the robot after logging in as a normal user. It even wouldn’t matter, if a hacker was unable to steal the password for the default user – because a brute force attack works great, the stidy says.
However, the researcher had a bright spot for the manufacturer: According to them the problems should be easy to solve.