ICT Security-Sécurité PC et Internet

Des chercheurs danois et suédois en sciences informatiques et systèmes autonomes ont décortiqué la sécurité du robot Pepper de Softbank Robotics utilisé notamment au Japon dans des points de vente Nestlé. Utilisation de logiciels non mis à jour et exposition à des attaques XSS, par force brute et élévation de privilèges font partie des vulnérabilités de sécurité recensées.

Depuis quelques années, les études relatives à la sécurité des objets connectés se suivent et se ressemblent. Toutes - ou presque - pointent leurs lacunes en termes de sécurité, un phénomène qui ne remonte pas à hier. Parmi la ribambelle de périphériques reliés au réseau, certains sont plus emblématiques que d'autres, notamment ceux appartenant à la catégorie des robots parmi lesquels Pepper, propriété de SoftBank Robotics suite au rachat du français Aldebaran Robotics.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=iot

https://www.scoop.it/t/luxembourg-europe/?&tag=Pepper

Security researchers say they have found a number of security flaws across a range of robots.

In total, researchers said they had discovered almost 50 cybersecurity vulnerabilities across the SoftBank Robotics' NAO and Pepper robots, UBTECH Robotics' Alpha 1S and Alpha 2 robots, the ROBOTIS ROBOTIS OP2 and THORMANG3 robots, Universal Robots' UR3, UR5, UR10 robots, Rethink Robotics' Baxter and Sawyer robots and several robots using technology by Asratec Corp.

Researchers spent six months testing mobile applications, robot operating systems, firmware images, and other software in order to identify the flaws in the robots, which for the purposes of maintaining security haven't be specifically detailed in IOActive's newly released Hacking Robots Before Skynet report.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=iot

Researchers found they were able to infect robots with ransomware; in the real world such attacks could be highly damaging to businesses if robotic security isn't addressed.

Ransomware has been a headache for PC and smartphone users but in the future it could be robots that stop working unless a ransom is paid.

Researchers at security company IOActive have shown how they managed to hack the NAO robot made by Softbank and infect one with custom-built ransomware. The researchers said the same attack would work on the Pepper robot too.

After the infection, the robot is shown insulting its audience and demanding to be 'fed' bitcoin cryptocurrency in order to restore systems back to normal.

While a tiny robot making threats might initially seem amusing - if a little creepy - the proof-of-concept attack demonstrates the risks associated with a lack of security in robots and how organisations which employ robots could suddenly see parts of their business grind to a halt should they become a victim of ransomware.

"In order to get a business owner to pay a ransom to a hacker, you could make robots stop working. And because the robots are directly tied to production and services, when they stop working they'll cause a financial problem for the owner, losing money every second they're not working," Cesar Cerrudo, CTO at IOActive Labs, told ZDNet.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=RANSOMWARE