Food Delivery Robots Can Be Hacked to Deliver Meals to Your Table Instead of the Intended Customers

Cybersecurity

Recent discoveries have highlighted significant vulnerabilities in the management systems of Pudu Robotics’ service robots, widely used in various sectors such as restaurants, hospitals, hotels, and offices. These vulnerabilities, identified by a cybersecurity researcher, involve inadequate authentication protocols in the robot management APIs, potentially allowing unauthorized control over the devices.

Technical Specifications

Pudu Robotics employs several robots, including the BellaBot and FlashBot, across global operations. The identified vulnerability allowed unauthorized users to bypass authentication checks and exploit the system, enabling them to:

• Access the call history of any robot.
• Initiate tasks and control robots without ownership.
• Modify robot settings, including names and operational behaviors.
• List all robots associated with any store worldwide.

Operational Impact

The potential misuse of these vulnerabilities is extensive. In restaurants, unauthorized users could manipulate robots to disrupt services, such as misdirecting deliveries or creating operational chaos. In office environments, the FlashBot’s capabilities could be misused to access confidential documents and deliver them to unintended recipients. The healthcare sector faces risks with potential interference in medicine delivery and cleaning operations, posing serious threats to patient safety.

Response and Resolution

Initial attempts to report these vulnerabilities to Pudu Robotics went unanswered. However, following direct communication with major clients, the company acknowledged the issue and rectified the vulnerabilities within 48 hours. The response from Pudu Robotics emphasized the importance of ensuring robust security measures as these robots become increasingly integrated into sensitive environments.

The secure operation of service robots is essential as they continue to play a significant role in public spaces, including hospitals and educational institutions. Ongoing vigilance and timely updates are critical to maintaining their reliability and safety.