Ethical Hacking News
A Chinese robot manufacturer's commercial service robots were found to be vulnerable to hijacking due to lax security measures. The issue was found by a white-hat hacker who reported it to the company, only to be met with resistance from Pudu Robotics' management and support teams.
Pudu Robotics' commercial service robots were found to have a security vulnerability that allowed attackers to redirect food orders or shut down entire fleets. The vulnerability was discovered by white-hat hacker Bobdahacker, who alerted the company but received no meaningful response from its technical support and management. Pudu Robotics ultimately addressed the issue only after its customers were alerted. The incident highlights the importance of responsible disclosure practices, and the need for robust security measures and transparent communication from manufacturers to protect users and prevent exploitation.
In a shocking revelation, a white-hat hacker has exposed a security vulnerability in the backend software systems controlling Chinese robot manufacturer Pudu's commercial service robots. Pudu Robotics' high-profile products, including the BellaBot and FlashBot, are used in industries such as food delivery, retail, and hospitality, with over 100,000 units deployed across more than 1,000 cities worldwide.
According to analysts Frost & Sullivan, Pudu Robotics captured 23 percent of the global market share for commercial service robots last year. However, a recent discovery by Bobdahacker, a renowned security researcher, has revealed that the administrative controls for the company's robots were left wide open, allowing attackers to redirect food orders or shut down entire fleets in a Distributed Denial-of-Service (DDoS) attack.
The vulnerability was discovered when Bobdahacker began investigating Pudu Robotics after her previous success exposing a free-food hack in McDonald's ordering system. She found that the company's backend software systems were vulnerable to abuse due to inadequate security measures, such as not locking down access to administrative controls.
To exploit this vulnerability, an attacker would need a valid authentication token, which could be obtained through a cross-site scripting attack or by setting up a trial account offered to prospective buyers of the company's robots. Once inside, the attacker could reset orders, move the robots to new locations, and even rename them to make recovery more difficult.
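The failure mode described above, as an added illustration that is not Pudu's code and makes no claim about their actual API: a model fleet-admin backend in which the flawed lookup accepts any valid token (so a trial sign-up reaches every customer's robots), beside a tenant-scoped lookup that refuses commands against robots the caller's tenant does not own. Tokens, tenant names and robot IDs are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Robot:
    robot_id: str
    tenant: str  # the customer (restaurant) that owns this robot
    name: str
    orders: list = field(default_factory=list)

class Forbidden(Exception):
    pass

# Constructed session table: token -> tenant that holds it. A trial sign-up
# receives a perfectly valid token, exactly like a paying customer does.
SESSIONS = {"tok-restaurant-a": "restaurant-a", "tok-trial-42": "trial-42"}

def make_fleet():
    """Constructed sample fleet: one customer's robot with two pending orders."""
    return {"bella-001": Robot("bella-001", "restaurant-a", "BellaBot 1",
                               orders=["table 4", "table 9"])}

def lookup_token_only(token, robot_id, fleet):
    """Flawed pattern the article describes: any valid token reaches any robot."""
    if token not in SESSIONS:
        raise Forbidden("invalid token")
    return fleet[robot_id]

def lookup_tenant_scoped(token, robot_id, fleet):
    """Hardened pattern: the token must be valid AND its tenant must own the robot."""
    tenant = SESSIONS.get(token)
    if tenant is None:
        raise Forbidden("invalid token")
    robot = fleet.get(robot_id)
    if robot is None or robot.tenant != tenant:
        # Same answer for "no such robot" and "not yours", so other tenants'
        # robot IDs cannot be confirmed by probing.
        raise Forbidden("robot not found")
    return robot

def rename_robot(token, robot_id, new_name, fleet, lookup=lookup_tenant_scoped):
    """Admin command from the article; every command goes through the same lookup."""
    robot = lookup(token, robot_id, fleet)
    robot.name = new_name
    return robot.name

def reset_orders(token, robot_id, fleet, lookup=lookup_tenant_scoped):
    robot = lookup(token, robot_id, fleet)
    cleared = len(robot.orders)
    robot.orders.clear()
    return cleared
```

The point is that authentication alone is not a permission check: the lookup must bind the token's tenant to the resource on every command, not just on login.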
Initially, Bobdahacker alerted Pudu Robotics about the issue, but she was met with a lack of response from its technical support, sales teams, and even management. It wasn't until she started contacting the company's restaurant customers that she received any attention, including an email response that appeared to have been generated by ChatGPT.
The lack of urgency and transparency displayed by Pudu Robotics in addressing this critical security vulnerability has raised concerns among experts. "It just goes to show that sometimes the best pressure you can put on a manufacturer to fix their problems comes from following the money and alerting customers," said Bobdahacker in her report.
Fortunately, it appears that Pudu Robotics took steps to address the issue after being alerted through Bobdahacker's efforts. The company locked down its systems and closed the security hole, protecting its users from exploitation.
This incident highlights the importance of responsible disclosure practices among security researchers and manufacturers alike. It also serves as a warning to companies that neglecting security vulnerabilities can have far-reaching consequences, including financial losses, reputational damage, and compromised customer trust.
As the world becomes increasingly dependent on technology, the need for robust security measures and transparent communication from manufacturers has never been more pressing. The revelation of Pudu Robotics' vulnerability serves as a wake-up call to companies and individuals alike, emphasizing the importance of prioritizing cybersecurity in our daily lives.
Related Information:
https://www.ethicalhackingnews.com/articles/Open-Source-Nightmare-Pudu-Robotics-Exposed-as-Vulnerable-to-Hijacking-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/08/29/pudu_robots_hackable/
Published: Fri Aug 29 16:41:10 2025 by llama3.2 3B Q4_K_M