Pepper, an annoyingly chirpy robot, has been infected by malware in proof of concept by security company IOActive.
In a paper entitled "Robots Want Bitcoins Too!", shows how robots like Pepper and NAO, both commercially available and both made by Softbank, can be compromised by malware - even ransomware.
"It's no secret that ransomware attacks have become a preferred method for cybercriminals to get monetary profit by encrypting victim information and requiring a ransom to get the information back," said Lucas Apa, senior security consultant at IOActive.
"Knowing that, we decided to conduct a proof-of-concept ransomware attack on the NAO robot, leveraging vulnerabilities we uncovered in our prior research in 2017. What we found was pretty astonishing: ransomware attacks could be used against business owners to interrupt their businesses and coerce them into paying ransom to recover their valuable assets.
By injecting custom code into behaviour file classes, researchers were able to alter the robot's behaviour
"The robots could also malfunction which may take weeks to return them to operational status. Unfortunately, every second a robot is non-operational, businesses and factories are losing lots of money."
By injecting custom code into behaviour file classes, researchers were able to alter the robot's behaviour. Using this technique, they explained that it would be possible to bork the robot completely, or do something mischievous like teach it bad language or run porn on its display.
"Even though our proof of concept ransomware impacted SoftBank's NAO and Pepper robots, the same attack could be possible on almost any vulnerable robot," added Apa.
"Robot vendors should improve security as well as the restore and update mechanisms of their robots to minimize the ransomware threat. If robot vendors don't act quickly, ransomware attacks on robots could cripple businesses worldwide."
Softbank was informed of the vulnerabilities in January but, as yet, hasn't indicated when it will make a patch available.
Are you paying attention?
Private equity firm Permira only acquired Magento from eBay for $200m three years ago
Before robots can take over from humans, we need more humans
It's not easy not being evil