chevron_left chevron_right
Login Register invert_colors photo_library
Thread Rating:
  • 0 Vote(s) - 0 Average


filter_list Softbank Robotics' Vulnerability Ransomware Attacks
Author
Message
Softbank Robotics' Vulnerability Ransomware Attacks #1
Greetings to all,

Yet another very Interesting article I stumbled across today as follows.

Quote:A vulnerability in Softbank Robotics’ NAO and Pepper robots can lead to costly ransomware attacks that could cause robots deployed in businesses to stop working, curse at customers, or even perform violent movements.

It's of no surprise that Russia came across the vulnerability.
Quote:The vulnerability was disclosed at Kaspersky Lab’s Security Analyst Summit by IOActive Labs.

The nature of the attack and It's execution, Is quite Impressive.
Quote:In order to showcase the vulnerability, IOActive Labs built a PoC that targeted Softbank Robotics’ NAO robot, which could also be applied to the Pepper model. In order to deploy ransomware, the company exploited an undocumented function that allows remote command execution.

They then infected module files to change robot default operations, disable administration features, monitor video/audio and send it to a C2. From there, attackers can elevate privileges, change SSH settings, and change root passwords. To keep users from restoring the system uninstalling the ransomware, attackers can also disrupt the factory reset mechanism.

The attacker could then notify infection to command and control servers and infect all behavior files, which contain custom code to execute the main robot business or actions.

IOActive Labs said that by injecting custom Python code into any .xar behavior XML files executed on the robot, the robot behavior can be changed in a malicious way without even changing the project file.

Source.
[Image: AD83g1A.png]

[+] 1 user Likes mothered's post
Reply

RE: Softbank Robotics' Vulnerability Ransomware Attacks #2
It would be funny to see robots cursing at customers, whilst the manager is trying to pay the ransom. The unpredictability of adding robots into a business setting is obvious.
[Image: 7ajmN5P.jpg]

Skype: oni_sl (Add)
Steam: Oni | SL (Add)

[+] 1 user Likes Oni's post
Reply

RE: Softbank Robotics' Vulnerability Ransomware Attacks #3
(03-13-2018, 01:55 AM)Oni Wrote: The unpredictability of adding robots into a business setting is obvious.

This.

If they're exploited, depending on the nature of the attack, there's no telling what can be achieved.
[Image: AD83g1A.png]

[+] 1 user Likes mothered's post
Reply

RE: Softbank Robotics' Vulnerability Ransomware Attacks #4
Lol this is fucking crazy. I need to be enlightned more on this article. By chance do you have any other links.. Great share.

Reply






Users browsing this thread: 1 Guest(s)