Cybersecurity Issues in Robotic Platforms Adrián Campazas-Vega1,* , Alberto Miguel-Diez1 , Mario Hermida-López1 , Claudia Álvarez-Aparicio1 , Ignacio Samuel Crespo-Martínez1 and Ángel Manuel Guerrero-Higueras1 1 Grupo de Robótica de la Universidad de León, Campus de Vegazana, 24071 León, Spain Abstract The use of robots has increased dramatically in recent years. Currently, there are multiple types of robots, from service robots, designed to help people in any kind of environment (home, work, hospitals...), to quadruped platforms, developed for critical infrastructures or the military field. Security in those platforms is crucial, since robots present vulnerabilities, they can pose a risk to both their integrity and that of the people/objects around them. In this work, a security evaluation of the Unitree A1, a quadruped robot, and the humanoid robot Pepper has been carried out, to know the security flaws that may be present, as well as the implications that it may have for the user, the environment, or the integrity of the robot. The final goal of the work is that the vulnerabilities found will be taken into account by other researchers or companies that develop that kind of robot and take into account those security problems. Keywords Pentesting, robot, security, Unitree A1, Pepper 1. Introduction In addition to their civilian applications, these robots are actively utilized in the military domain [2]. Similarly, the The use of robots has exponentially increased in the last use of service robots has also significantly increased in decade. Throughout the year 2022, the utilization and recent years. These robots are designed to interact and deployment of industrial robots increased by 40% in the communicate with humans to assist in the completion of United States and 6% in Spain, according to the Spanish everyday tasks. Association of Robotics (AER) [1]. Industrial robotics has Similarly, to other types of devices, cybersecurity in traditionally focused on the precise repetition of tasks, robotic environments is an important aspect that be- surpassing the capabilities of a human being. However, comes critical when a robot is involved in highly sensitive in recent years, there has been a particular emphasis tasks or interacts with people. Many issues with these on the development of robotic platforms capable of per- platforms arise because manufacturers often prioritize forming tasks that are difficult or dangerous for humans. manufacturing cost or design over conducting product In this regard, the most impactful robotic platforms are security testing [3]. In addition to the lack of device se- quadruped robots. These robots are characterized by sup- curity by manufacturers, it is worth noting that most of porting their weight on four legs, typically mimicking the these robotic platforms are "plug and play," meaning that morphology of a dog. The design of these devices offers end users often do not pay proper attention to configur- advantages over bipedal robots due to their versatility ing the device correctly. This includes changing default in adapting to various types of terrains. The characteris- passwords, which poses an additional security challenge. tics of quadruped robots enable them to undertake tasks This paper aims to address some of the security issues considered challenging or hazardous for humans. These presented by both quadruped robotic platforms and so- tasks include bomb inspection and deactivation, radia- cial robots. Specifically, a security evaluation has been tion detection, and critical infrastructure maintenance. conducted on the quadruped robot Unitree A1 and the semi-humanoid robot Pepper, with the objective of iden- BISEC’23: 14th International Conference on Business Information tifying potential vulnerabilities and risks that could affect Security, November 24, 2023, Niš, Serbia * Corresponding author. both humans and the robot itself, as well as the environ- $ acamv@unileon.es (A. Campazas-Vega); ment in which it is deployed. The severity of the discov- amigud00@estudiantes.unileon.es (A. Miguel-Diez); ered vulnerabilities has been assessed using the CVSSv3 mherml00@estudiantes.unileon.es (M. Hermida-López); (Common Vulnerability Scoring System version 3) stan- calvaa@unileon.es (C. Álvarez-Aparicio); icrem@unileon.es dard. This work and the methods employed can serve as (I. S. Crespo-Martínez); am.guerrero@unileon.es (Á. M. Guerrero-Higueras) a starting point for other researchers interested in eval-  0000-0001-8237-5962 (A. Campazas-Vega); 0000-0002-7465-8054 uating the security risks of other models of quadruped (C. Álvarez-Aparicio); 0000-0002-3154-0144 (I. S. Crespo-Martínez); robots and social robots. 0000-0001-8277-0700 (Á. M. Guerrero-Higueras) The rest of the article is organized as follows: In Sec- © 2024 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). tion 2, related works are presented. Section 3 introduces CEUR Workshop Proceedings http://ceur-ws.org ISSN 1613-0073 CEUR Workshop Proceedings (CEUR-WS.org) CEUR ceur-ws.org Workshop ISSN 1613-0073 Proceedings the architecture and characteristics of the robots Unitree A1 and Pepper, along with the method for assessing the severity of discovered vulnerabilities. Section 4 provides details on the various experiments conducted and the implications of exploiting the vulnerabilities in a real- world environment. Finally, Section 5 offers the current conclusions. 2. Related Works Despite the growing popularity of quadruped robots, there is limited research on the cybersecurity of these robots. Most research in this field focuses on the physical security of robots, such as collision prevention [4] and sta- bility on different terrains [5]. However, there are some works that examine overall security in robotic devices. In [6], the authors analyzed potential security issues that dif- ferent types of robots might have and listed some generic recommendations that could be implemented to enhance the overall security of robotics. One of the conclusions reached by the authors is that cyberattacks on robots Figure 1: Unitree A1 of the Robotics Group of the University used in critical infrastructures and military environments of León. are the most damaging and dangerous. It’s important to note that the current use of quadruped robots primar- ily focuses on these two areas. Another work related to robotic security is presented in [3]. In this work, the 3.1. Unitree A1 authors identified security threats in the field of robotics, As mentioned in Section 1, to conduct the cybersecurity classified them based on the affected layer of the robot’s evaluation of quadruped robots, the Unitree A1 robot, as architecture, and analyzed their impact and potential shown in Figure 1, has been utilized. The Unitree A1 is countermeasures. Other works, such as [7] and [8], dis- manufactured by Unitree Robotics, a Chinese company cuss security issues associated with ROS (Robot Operat- that has been producing quadruped devices since 2016 ing System). ROS is a set of software libraries and tools [10]. that help create applications for robots. While Pepper The Unitree A1 robot can reach a maximum speed of and Unitree A1 do not come with ROS by default, it is 3.3 m/s at a particular moment and can carry objects with possible to install ROS on the latter. a maximum weight of 5 kg. Additionally, it is equipped Finally, regarding the specific analysis of the Pepper with sensors that enable it to maintain proper balance robotic platform, in [9], the authors conducted a security during operation, preventing the robot from falling on evaluation of the semi-humanoid robot "Pepper" from uneven terrain. The device has a battery life ranging SoftBank Robotics. The authors demonstrated that this from 1 to 2.5 hours, depending on the mode in which it robot had critical vulnerabilities that needed to be ad- is used [11]. dressed by the manufacturer. This article expands on Regarding the cameras and sensors, the Unitree A1 is the work done in [9], confirming that years later, the equipped with a RealSense camera [12], located on its vulnerabilities identified by the authors still exist and "head." This camera features a depth sensor that utilizes uncovering new vulnerabilities in the platform. a combination of infrared and laser technologies to mea- sure the distance between objects and the camera. This enables it to capture 3D images and detect objects in real- 3. Materials and Methods time. In the field of robotics, these types of cameras are In this section, the characteristics of the robots analyzed used to implement autonomous functions in the robot, in this work are presented. Additionally, the methodol- allowing it to navigate around obstacles and create a 3D ogy used to conduct the experiments and the evaluation map of the area in which the robot is deployed [13, 14]. method for these experiments are described. At the connectivity level, the quadruped robot has sev- eral ports on the upper part of its "body" that the user can utilize to interact with various interfaces of the robot. These connections include four USB ports, two HDMI ports, and two Ethernet ports. Teleoperation of the robot can be performed using a mobile application developed by the manufacturer or by using the controller that comes with the robot. The controller includes two joysticks and a directional pad (D-pad) for easy robot maneuvering. According to the manual, the controller connects directly to the robot’s control board via radio frequency. On the other hand, Unitree’s mobile application is compatible with both iOS and Android devices. The app allows users to control the robot, view the real-time camera feed, and utilize a simu- lator of the Unitree A1. However, despite the robot being available for commercial use since 2020, some features of the app may not work correctly or require specific pa- rameter configurations. Furthermore, Unitree provides users with a Software Development Kit (SDK) to develop custom code for the robot. This SDK enables developers to create their own applications and functionalities for the Unitree A1. 3.2. Pepper Pepper is the world’s first social humanoid robot capable of recognizing human faces and basic emotions. It is optimized for interaction and can engage with people Figure 2: Appearance of the Pepper service robot. through conversation or its touchscreen interface. Pepper is designed for intuitive and natural interaction. It finds common applications in various fields such as hospitality, between 0.1 and 3.9 is considered to have low severity. retail, healthcare, education, entertainment, and personal Vulnerabilities with a score between 4.0 and 6.9 are classi- assistance. Its appearance is depicted in Figure 2. fied as having moderate severity. Finally, vulnerabilities Pepper has 20 degrees of freedom to achieve more nat- with a score between 7.0 and 10.0 are considered to have ural and expressive movements. Additionally, it features high severity. This scoring system provides a clear way voice recognition available in 15 languages and percep- to assess the seriousness of vulnerabilities and helps or- tion modules to recognize and interact with the person ganizations prioritize their remediation efforts. in front of it. In terms of physical sensors, the robot CVSS defines metrics to assess the likelihood that a is equipped with touch sensors, LEDs, microphones for vulnerability will be exploited. The metrics defined by multimodal interaction, infrared sensors, bumpers, an in- the CVSSv3 standard can be seen in Table 1. ertial unit, and 2D and 3D cameras to enable autonomous and omnidirectional navigation. Pepper provides an API that allows for the development of custom applications 3.4. Methodology and functionalities for this robotic platform. The methodology used for the analysis of robotic plat- forms is similar to that employed in conventional com- 3.3. Evaluation puter systems. Below, we outline the three stages carried out to assess the security of the Unitree A1 robot and the To assess the severity of the discovered vulnerabilities, Pepper service robot: the Common Vulnerability Scoring System (CVSS) ver- sion 3 has been employed [15]. CVSS, or Common Vul- • Information Gathering: In this step, informa- nerability Scoring System, is an open and widely used tion is collected about the robotic platform, in- framework that defines metrics for communicating the cluding the type of hardware and sensors used characteristics, impact, and severity of vulnerabilities af- by the device, the operating system it runs on, fecting security elements. It provides a standardized way the services it executes, and the nature of the to evaluate and communicate the seriousness of security communications that take place. vulnerabilities. • Vulnerability Analysis: Tests are conducted CVSSv3 categorizes vulnerabilities with a numerical to identify vulnerabilities in the robotic system. value between 0 and 10. A vulnerability with a score This analysis encompasses both hardware and Table 1 Metrics associated with the CVSS vector in version 3 Symbol Description AV Attack Vector: Determines how the vulnerability can be exploited, assessing the accessibility requirements. The values of this metric are: • Network (N) • Adjacent (A) • Local (L) • Physical (P) AC Attack Complexity: Determines the attack complexity required to make use of the vulnerability. The values of this metric are: • Low (L) • High (H) PR Privileges Required: Determines the level of privileges an attacker must have before he can successfully exploit a vulnerability. The values of this metric are: • None (N) • Low (L) • High (H) UI User Interaction: Determines if user intervention is necessary for successful exploitation of the vulnerability. The levels of this metric are: • None (N) • Required (R) S Scope: Determines whether successful exploitation of the vulnerability can indirectly affect other components outside the scope of the system or application. The values of this metric are as follows: • Unchanged (U) • Changed (C) C Confidentiality Impact: Confidentiality is the ownership of a document, message or data that is only authorized to be read or understood by certain persons or entities. The values of this metric are as follows: • None (N) • Low (L) • High (H) I Integrity Impact: Integrity is the property of a document, message or data that guarantees the veracity of the information. The values for this metric are as follows: • None (N) • Low (L) • High (H) D Availability Impact: Availability is the property of a system, service, or application that is accessible without impediments. The values for this metric are as follows: • None (N) • Low (L) • High (H) software aspects, as well as the systems deployed vulnerabilities. All vulnerabilities listed below are associ- by the robot. ated with an impact vector generated using the CVSSv3 • Exploitation of Identified Vulnerabilities: Fi- standard, as discussed in Section 3. The discovered vul- nally, identified vulnerabilities are exploited to de- nerabilities, which are explained below, are presented in termine the extent to which these security flaws Table 2. pose a risk to the safety of the robot itself and its surrounding environment. 4.1. Common vulnerabilities in both robots 4. Experimentation and Discussion In this subsection, we present the vulnerabilities that are The evaluation conducted on these robots aims to iden- common to both robots. tify vulnerabilities that may be present in the devices and could be extrapolated to other robotic platforms. The fol- lowing will demonstrate how both robots share common Table 2 Vulnerabilities of the evaluated robots Vulnerability Impact Robot Lack of protection against brute force attacks in SSH protocol High Unitree A1 Pepper Lack of verification against MiTM attack High Unitree A1 Pepper Denial of service to the robot’s Web server Moderate Unitree A1 Pepper Unsecured physical ports High Unitree A1 Web server without authentication Moderate Unitree A1 API access without authentication High Pepper Communication with the web server without encryption Moderate Pepper 4.1.1. Lack of protection against brute force attacks in SSH protocol One way to access the embedded computers inside the robot is through the SSH protocol. This connection al- lows for configuring certain aspects of the robot, such as the AP password, and even controlling the robot us- ing the installed SDK. Both the Unitree A1 robot and Pepper do not implement security measures to prevent Figure 3: On the left, view of the teleoperator after being brute-force attacks on the SSH servers installed in the attacked. On the right, real image of the robot’s situation. robot. To verify that the SSH servers are vulnerable to dictionary attacks or brute-force attacks, the open-source tool Hydra has been used [16]. If an attacker gains access to the robot’s internal com- actual situation, potentially enabling an attacker to cause puters, they could potentially control the robot remotely harm to the robot itself or its surrounding environment. and even delete system files, rendering the device inop- To exploit this vulnerability, an ARP Spoofing attack erable. Furthermore, since the default password for both was conducted using the "arpspoof" tool [17]. This at- devices is considered insecure today and is present in tack is considered one of the most dangerous on LAN a wide range of online dictionaries, this vulnerability is networks [18]. The attacker manipulates both the robot’s deemed severe with a score of 9 and the following CVSS and the victim’s ARP tables, associating their MAC ad- vector: AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. dress with the victim’s IP address, thereby redirecting all traffic to a machine controlled by the attacker. Subse- quently, the attacker redirects the traffic arriving from 4.1.2. Lack of verification against MiTM attack the user to a web server identical to the robot’s but un- Neither the quadruped robot Unitree A1 nor the social der the attacker’s control. In this case, the web server robot Pepper implement security measures to prevent deployed by the Unitree is MJPG-Streamer, which is pub- an attacker with access to the robot’s network from per- licly available on GitHub [19]. forming a Man-in-the-Middle (MitM) attack. This would The consequences of such attacks can be critical in allow the attacker to intercept unencrypted communica- certain environments. For instance, in Figure 3, can see tions and manipulate them at will. Here’s an example of that the person operating the robot perceives an obstacle- the vulnerability in the Unitree A1 robot: The A1 robot free corridor, while in reality, the robot is in a hazardous deploys a web server that serves images from the robot’s situation near a set of stairs. camera, allowing an operator to teleoperate the device This vulnerability has a high impact with a score remotely. of 8.0 and the following associated CVSSv3 vector: An attacker who has access to the network deployed by AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. A video has the robot can carry out a MitM attack, altering the video been created to replicate the experiment performed [20]. transmission from the robot’s camera with another feed controlled by the attacker, without the victim noticing 4.1.3. Denial of service to the robot’s Web server any difference. If the robot is used in critical situations, the operator controlling the robot will not perceive the The web servers deployed by both robots are vulnerable to denial-of-service (DoS) attacks. The process to exe- simply by plugging them in. These devices are referred to as Rubber Ducky [21]. Furthermore, the exposure of USB ports also makes the robot vulnerable to attacks carried out with a USB killer device [22]. This type of device dis- charges a high-voltage surge, damaging the components of the connected device. This vulnerability has a high impact with a score of 7.5, and the associated CVSSv3 vector is AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L. 4.2.2. Web server without authentication Access to the live video feed from the robot’s camera does not have an authentication system. Therefore, any user connected to the network emitted by the robot can view the real-time image either through the device’s web server or via the mobile application. To be considered secure, this functionality should require authentication. This vulnerability has a moderate impact with a score of 5.7 and the following CVSSv3 vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. 4.3. Pepper robot vulnerabilities In this section, the vulnerabilities that exclusively affect the social robot Pepper are presented. Figure 4: Top view of Unitree A1. 4.3.1. API access without authentication The API implemented by Pepper allows for complete cute this attack is quite similar to the previous one, as it control of the device. Access to the API occurs without relies on the ARP Spoofing technique in both cases. To any form of authentication, so an attacker only needs exploit this vulnerability, the attacker must manipulate to be on the same network as the robot. Interaction the victim’s and robot’s ARP tables to intercept traffic. with the API is done through port 9559 using the Python Once the attack is successfully carried out, all packets programming language, although C++ and Java are also are received by the attacker, who will then discard these supported. packets, causing the legitimate user to lose the connec- This vulnerability has a high impact with a tion to the web server. This vulnerability has a moderate score of 7.5, and the associated CVSSv3 vector is: impact with a score of 5.7 and the following associated AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSSv3 vector: AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. 4.3.2. Communication with the web server 4.2. Unitree A1 robot vulnerabilities without encryption This section shows vulnerabilities that exclusively affect The web server used by the robot utilizes unencrypted the Unitree A1 robot. HTTP communication. An attacker connected to the net- work can sniff the traffic and obtain the access credentials 4.2.1. Unsecured physical ports for the web server, as depicted in Figure 5. This vulnerability has a moderate impact with Figure 4 shows the port distribution of the robot. The a score of 6.5 and the following CVSSv3 vector: main vulnerability lies in the fact that the robot does AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. not request any form of authentication when connected through the provided ports. The lack of authentication poses several security im- 5. Conclusions plications, even without connecting standard input and output devices such as a keyboard and monitor. Cur- The use of robotics is becoming increasingly widespread; rently, there are USB-like devices that function as input however, it is essential that progress in this field is accom- and output devices, enabling the execution of commands Figure 5: Capture of Pepper’s traffic showing the robot’s plaintext credentials. panied by a thorough review of potential vulnerabilities ropean Union NextGenerationEU/PRTR. in these devices. In this work, a security evaluation has been conducted on the quadruped robot Unitree A1 and the service robot References Pepper. Several potential vulnerabilities have been iden- [1] A. E. de Robótica y Automatización, La impor- tified that could be exploited by an attacker to gain unau- tancia de la ciberseguridad en la industria 4.0, thorized access to the robot or control its movements and https://www.aer-automation.com/wp-content/ actions. For each of the vulnerabilities discovered in this uploads/2023/01/Ciberseguridad_AERPaper.pdf, work, a Common Vulnerabilities and Exposures (CVE) 2023. has been requested. The CVE program’s mission is to [2] K. Geldenhuys, Killer robots are real, Servamus identify, define, and catalog publicly disclosed cyberse- Community-based Safety and Security Magazine curity vulnerabilities. 116 (2023) 20–22. To continue advancing in the field of robotics, it is [3] G. W. Clark, M. V. Doran, T. R. Andel, Cybersecurity necessary to implement security measures such as user issues in robotics, in: 2017 IEEE conference on authentication and authorization, encryption of device cognitive and computational aspects of situation communications, and regular security testing to detect management (CogSIMA), IEEE, 2017, pp. 1–5. and address potential vulnerabilities in the software of [4] R. Singh, T. Bera, Walking model of jansen various robotic platforms. It is important to emphasize mechanism-based quadruped robot and application that the cybersecurity of quadruped and social robots is to obstacle avoidance, Arabian Journal for Science a critical issue that must be addressed by manufacturers, and Engineering 45 (2020) 653–664. developers, and users of these devices to ensure their [5] Y. H. Lee, Y. H. Lee, H. Lee, L. T. Phan, H. Kang, proper functioning and protect them against potential U. Kim, J. Jeon, H. R. Choi, Trajectory design and malicious attacks that could pose a security risk to the control of quadruped robot for trotting over obsta- robot itself or to people in its vicinity. cles, in: 2017 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS), IEEE, 2017, Acknowledgment pp. 4897–4902. [6] C. Cerrudo, L. Apa, Hacking robots before skynet, This research has been partially supported un- IOActive Website (2017) 1–17. der the grant PID2021-126592OB-C21 funded [7] S.-Y. Jeong, I.-J. Choi, Y.-J. Kim, Y.-M. Shin, J.-H. by MCIN/AEI/10.13039/501100011033 and by Han, G.-H. Jung, K.-G. Kim, A study on ros vulnera- ERDF A way of making Europe and under bilities and countermeasure, in: Proceedings of the the Grant TED2021-132356B-I00 funded by Companion of the 2017 ACM/IEEE International MCIN/AEI/10.13039/501100011033 and by the "Eu- Conference on Human-Robot Interaction, 2017, pp. 147–148. [8] R. White, D. H. I. Christensen, D. M. Quigley, Sros: Securing ros over the wire, in the graph, and through the kernel, arXiv preprint arXiv:1611.07060 (2016). [9] A. Giaretta, M. De Donno, N. Dragoni, Adding salt to pepper: A structured security assessment over a humanoid robot, in: Proceedings of the 13th International Conference on Availability, Reliability and Security, 2018, pp. 1–8. [10] U. Robotics, Unitree, https://m.unitree.com/, 2022. [11] U. Robotics, Unitree a1 user manual, https://www.mybotshop.de/Datasheet/ UnitreeA1_User_Manual_v1.0.pdf/, 2020. [12] F. L. Siena, B. Byrom, P. Watts, P. Breedon, Utilising the intel realsense camera for measuring health outcomes in clinical research, Journal of medical systems 42 (2018) 1–10. [13] J. Bayer, J. Faigl, On autonomous spatial exploration with small hexapod walking robot using tracking camera intel realsense t265, in: 2019 European Conference on Mobile Robots (ECMR), IEEE, 2019, pp. 1–6. [14] J. Hu, Y. Niu, Z. Wang, Obstacle avoidance methods for rotor uavs using realsense camera, in: 2017 Chinese Automation Congress (CAC), IEEE, 2017, pp. 7151–7155. [15] INCIBE, Métricas de evaluación de vulnerabilidades: Cvss 3.0, https://.incibe-cert.es/blog/cvss3-0/, 2023. [16] V. Hauser, Hydra, https://github.com/ vanhauser-thc/thc-hydra/, 2022. [17] D. Song, arpspoof - intercept packets on a switched lan, https://manpages.ubuntu.com/manpages/ bionic/man8/arpspoof.8.html, 2022. [18] G. Jinhua, X. Kejian, Arp spoofing detection algo- rithm using icmp protocol, in: 2013 International Conference on Computer Communication and In- formatics, IEEE, 2013, pp. 1–6. [19] jacksonliam, Servidor web mjpg-streamer, https: //github.com/jacksonliam/, 2021. [20] A. Miguel, Ataque man in the middle al unitree a1, https://bit.ly/3JGCGDl, 2023. [21] INCIBE, Rubber ducky, ¿una simple memo- ria usb?, https://www.incibe.es/empresas/blog/ rubber-ducky-simple-memoria-usb, 2023. [22] O. Angelopoulou, S. Pourmoafi, A. Jones, G. Sharma, Killing your device via your usb port, in: Proceed- ings of the Thirteenth International Symposium on Human Aspects of Information Security & Assur- ance (HAISA 2019), The Centre for Security, Com- munications and Network Research (CSCAN), 2019, pp. 61–72.