Pudu Robotics

Researchers uncovered critical API authentication vulnerabilities across Pudu Robotics’ entire fleet of service robots (BellaBot, KettyBot, PuduBot, etc.), deployed globally in restaurants, hospitals, hotels, and offices. The flaws allowed unauthorized actors to control robots remotely: fetching call histories, modifying tasks, altering configurations, and enumerating global store inventories, all without ownership checks. Exploits ranged from harmless pranks (e.g., misrouting food deliveries) to high-risk sabotage: in healthcare, disinfection and medicine-delivery robots could be redirected away from critical areas, endangering patient safety; in offices, robots could reach restricted floors and be used to steal confidential documents. Attackers could also orchestrate fleet-wide denial-of-service attacks, halting operations or demanding ransom via on-screen QR codes. Despite being alerted on August 12, Pudu Robotics delayed action until August 23, issuing a generic response and patching only after client escalations. The incident highlights systemic negligence, risking public safety, data breaches, and operational disruptions across sectors that serve millions daily, including vulnerable groups such as children, the elderly, and hospital patients.

Source: https://cyberpress.org/food-robot-hack/

TPRM report: https://www.rankiteo.com/company/pudurobotics

"id": "pud804090225",
"linkid": "pudurobotics",
"type": "Vulnerability",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': ['Restaurants',
                                               'Hospitals',
                                               'Hotels',
                                               'Offices',
                                               'Elderly Care Facilities'],
                        'industry': 'Robotics/AI',
                        'location': 'Global (HQ in Shenzhen, China)',
                        'name': 'Pudu Robotics',
                        'size': 'Hundreds of Thousands of Robots Deployed',
                        'type': 'Manufacturer'},
                       {'industry': 'Food Service',
                        'location': 'Japan',
                        'name': 'Skylark Holdings',
                        'type': 'Client'},
                       {'industry': 'Food Service',
                        'location': 'Japan',
                        'name': 'Zensho Corporation',
                        'type': 'Client'}],
 'attack_vector': ['Weak API Authentication',
                   'Missing Ownership Validation',
                   'Unthrottled Data Enumeration'],
 'data_breach': {'data_exfiltration': 'Possible (No Confirmation of Actual '
                                      'Exfiltration)',
                 'number_of_records_exposed': ['Up to 20,000 Store IDs in '
                                               'Single Request'],
                 'personally_identifiable_information': 'No',
                 'sensitivity_of_data': 'Moderate (Operational but Not PII)',
                 'type_of_data_compromised': ['Operational Data',
                                              'Robot Telemetry',
                                              'Store IDs',
                                              'Task Logs']},
 'date_detected': '2023-08-12',
 'date_resolved': '2023-08-25',
 'description': 'Researchers uncovered systemic API authentication failures in '
                'Pudu Robotics’ fleet of service robots (e.g., BellaBot, '
                'KettyBot, PuduBot), allowing unauthorized actors to '
                'commandeer robots globally. Vulnerabilities included lack of '
                'ownership checks in API endpoints, enabling attackers to '
                'fetch call histories, modify robot tasks/settings, and '
                'enumerate global robot inventories. The flaws posed risks '
                'ranging from pranks to high-stakes sabotage in healthcare, '
                'hospitality, and office environments. Pudu Robotics delayed '
                'patching for 11 days despite early warnings, highlighting '
                'corporate apathy toward security.',
 'impact': {'brand_reputation_impact': ['Negative Media Coverage',
                                        'Loss of Public Trust',
                                        'Criticism for Delayed Response'],
            'customer_complaints': ['Potential Complaints from Affected '
                                    'Businesses (e.g., Skylark Holdings, '
                                    'Zensho Corporation)'],
            'data_compromised': ['Robot Call Histories',
                                 'Store IDs',
                                 'Robot Inventory Data',
                                 'Task Logs'],
            'downtime': ['Potential Fleet-Wide DoS via Task '
                         'Cancellation/Looping'],
            'operational_impact': ['Unauthorized Task Creation/Cancellation',
                                   'Robot Rerouting',
                                   'Service Disruptions in '
                                   'Hospitals/Restaurants/Hotels',
                                   'Access to Restricted Areas'],
            'systems_affected': ['BellaBot',
                                 'KettyBot',
                                 'PuduBot',
                                 'Disinfection Robots',
                                 'Medicine-Delivery Bots',
                                 'Elevator-Equipped Delivery Robots']},
 'initial_access_broker': {'entry_point': ['Unauthenticated API Endpoints'],
                           'high_value_targets': ['Hospitals',
                                                  'Offices with Sensitive '
                                                  'Documents',
                                                  'High-Traffic Restaurants']},
 'investigation_status': 'Resolved (Patches Deployed)',
 'lessons_learned': ['Critical need for ownership validation in API endpoints.',
                     'Unthrottled data enumeration poses systemic risks.',
                     'Delayed vendor response exacerbates vulnerabilities in '
                     'high-impact sectors (e.g., healthcare).',
                     'Public-facing robots require robust authentication to '
                     'prevent physical/safety risks.'],
 'motivation': ['Potential Financial Gain (e.g., Ransom)',
                'Sabotage',
                'Mischief',
                'Espionage'],
 'post_incident_analysis': {'corrective_actions': ['Deployed API patches to '
                                                   'enforce ownership '
                                                   'validation.',
                                                   'Committed to improving '
                                                   'vulnerability response '
                                                   'protocols (per '
                                                   'acknowledgment).'],
                            'root_causes': ['Lack of ownership validation in '
                                            'API authentication.',
                                            'Absence of input throttling for '
                                            'data enumeration.',
                                            'Delayed vendor response to '
                                            'vulnerability disclosure.',
                                            'Over-reliance on token presence '
                                            'without authorization checks.']},
 'ransomware': {'ransom_demanded': ["Potential 'Robot Ransom' Scenario "
                                    '(Hypothetical)']},
 'recommendations': ['Implement strict API access controls with ownership '
                     'checks.',
                     'Establish a dedicated vulnerability disclosure program '
                     'with SLAs.',
                     'Proactively monitor for unauthorized API abuse (e.g., '
                     'rate limiting, anomaly detection).',
                     'Conduct third-party security audits for IoT/robotics '
                     'systems.',
                     'Enhance transparency in incident communication to '
                     'rebuild trust.'],
 'references': [{'source': 'Independent Security Researcher (Unnamed)'},
                {'date_accessed': '2023-08-23',
                 'source': 'Pudu Robotics Acknowledgment Email'}],
 'response': {'communication_strategy': ['Generic Acknowledgment Email (Sent '
                                         '2023-08-23 with Placeholder Text)'],
              'containment_measures': ['API Authentication Patches (Rolled Out '
                                       'on 2023-08-25)'],
              'incident_response_plan_activated': 'No (Initial Silence)',
              'remediation_measures': ['Added Ownership Validation to API '
                                       'Endpoints'],
              'third_party_assistance': ['Researcher Escalation to Major '
                                         'Clients (Skylark, Zensho)']},
 'stakeholder_advisories': ['Clients Notified via Researcher Escalation '
                            '(Skylark, Zensho)'],
 'title': 'Critical API Authentication Vulnerabilities in Pudu Robotics’ '
          'Service Robots',
 'type': ['Unauthorized Access',
          'API Vulnerability',
          'Authentication Bypass',
          'Denial-of-Service (DoS) Risk'],
 'vulnerability_exploited': ['Broken Authentication (CWE-287)',
                             'Missing Function-Level Access Control (CWE-639)',
                             'Insufficient Input Validation (CWE-20)']}