Can a robot’s confidentiality be trusted?

Sammanfattning: Today’s society is becoming more and more connected, all in order to make the availability as user-friendly as possible. But what problems they can lead to if it is not done in a safe way is something that this thesis will test. In this thesis, a cyber security analysis of a connected product is performed. The product to be evaluated is a robot that is used by having conversations with the user. Robots are not uncommon today; it is something that has long been used in industry but today can be found in many different places in everyday life. The robot examined in this thesis will interact with its user via video and audio, and in addition to seeing how secure the robot is, the user’s integrity will also be examined against the robot’s possible vulnerabilities. The method of investigating this robot is first done with an analysis of potential threats by creating a threat model. After a threat model is created, the most critical vulnerabilities are tested with penetration testing. The focus on finding vulnerabilities was made regarding how the robot communicates over the network. Both how it works to load different programs to the robot and how the robot’s communication is done directly with the user of the robot. The vulnerability was found and could be exploited to some extent. Above all, the network communication between the robot and its API was not encrypted, so all communication could be read. Some parts of the robot have good safety in mind, while other parts show that safety has not been a top priority.