Add iRobot's hack

Signed-off-by: Víctor Mayoral Vilches <v.mayoralv@gmail.com>

Author: vmayoral

0_introduction/README.md

@@ -54,6 +54,7 @@ A non-exhaustive list of cybersecurity research in robotics containing various r
 
 | 👹 Codename/theme | 🤖 Robotics technology affected | 👨‍🔬 Researchers | 📖 Description | 📅 Date |
 |-----|-------|-------------|-------------|------|
+| | [iRobot’s Roomba J7 series robot vacuum](https://www.technologyreview.com/2022/12/19/1065306/roomba-irobot-robot-vacuums-artificial-intelligence-training-data-privacy/) | N/A | Personal pictures in a home environment were found in the Internet taken by an iRobot’s Roomba J7 series robot vacuum. The photos vary in type and in sensitivity. The most intimate image we saw was the series of video stills featuring the young woman on the toilet, her face blocked in the lead image but unobscured in the grainy scroll of shots below. In another image, a boy who appears to be eight or nine years old, and whose face is clearly visible, is sprawled on his stomach across a hallway floor. A triangular flop of hair spills across his forehead as he stares, with apparent amusement, at the object recording him from just below eye level. Various other home pictures that tag objects in the environment were found. | 19-19-2022 |
 |  | Unitree's [Go1](https://m.unitree.com/products/go1) | d0tslash (MAVProxyUser in GitHub) | A hacker found a kill switch for a gun–wielding legged robot. The hack itself leverages a kill switch functionality/technology that ships in all units of the robot and that listens for a particular signal at 433Mhz. When it hears the signal, the robot shuts down. d0tslash used a portable multi-tool for pentesters ([Flipper Zero](https://flipperzero.one/)) to emulate the shutdown, copying the signal the robot dog’s remote broadcasts over the 433MHz frequency. | 09-08-2022 |
 | | Enabot's [`Ebo Air`](https://na.enabot.com/shop/air001) | **Modux** |  Researchers from Modux found a security *flaw* in Enabot Ebo Air #robot and responsibly disclosed their findings. Attack vectors could lead to remote-controlled *robot* spy units. Major entry point appears to be a hardcoded system administrator password that is weak and shared across all of these robots. Researchers also found information disclosure issues that could lead attackers to exfiltrate home (e.g. home WiFi password) that could then be used to pivot into other devices through local network. | 21-07-2022 |
 | <ins>Analyzing the Data Distribution Service (DDS) Protocol for Critical Industries</ins> | [`ROS 2`](https://ros.org), [eProsima](https://www.eprosima.com/)'s [`Fast-DDS`](https://github.com/eProsima/Fast-DDS), [OCI](https://objectcomputing.com/)'s [`OpenDDS`](https://github.com/objectcomputing/OpenDDS), [ADLINK](https://www.adlinktech.com/)'s (*now [ZettaScale](https://www.zettascale.tech/)'s*) [CycloneDDS](https://github.com/eclipse-cyclonedds/cyclonedds), [RTI](<https://www.rti.com>)'s [ConnextDDS](https://www.rti.com/products), [Gurum Networks](https://www.gurum.cc/home)'s [GurumDDS](https://www.gurum.cc/freetrial) and [Twin Oaks Computing](http://www.twinoakscomputing.com/)'s [CoreDX DDS](http://www.twinoakscomputing.com/coredx/download) | [Ta-Lun Yen](https://www.linkedin.com/in/evsfy/), [Federico Maggi](https://www.linkedin.com/in/phretor/), [Víctor Mayoral-Vilches](https://www.linkedin.com/in/vmayoral/), [Erik Boasson](https://www.linkedin.com/in/erik-boasson-21344912/) *et al.* (**various**) | This research looked at the OMG Data Distribution Service (DDS) standards and its implementations from a security angle. 12 CVE IDs were discovered 🆘, 1 specification-level vulnerability identified 💻, and 6 DDS implementations were analyzed (3 open source, 3 proprietary). Results hinted that DDS's security mechanisms were not secure and much effort on this side was required to protect sensitive industrial and military systems powered by this communication middleware. The research group detected that these security issues were present in almost 650 different devices exposed on the Internet, across 34 countries and affecting 100 organizations through 89 Internet Service Providers (ISPs). | 19-04-2022 |

README.md

@@ -112,6 +112,7 @@ A non-exhaustive list of cybersecurity research in robotics containing various r
 
 | 👹 Codename/theme | 🤖 Robotics technology affected | 👨‍🔬 Researchers | 📖 Description | 📅 Date |
 |-----|-------|-------------|-------------|------|
+| | [iRobot’s Roomba J7 series robot vacuum](https://www.technologyreview.com/2022/12/19/1065306/roomba-irobot-robot-vacuums-artificial-intelligence-training-data-privacy/) | N/A | Personal pictures in a home environment were found in the Internet taken by an iRobot’s Roomba J7 series robot vacuum. The photos vary in type and in sensitivity. The most intimate image we saw was the series of video stills featuring the young woman on the toilet, her face blocked in the lead image but unobscured in the grainy scroll of shots below. In another image, a boy who appears to be eight or nine years old, and whose face is clearly visible, is sprawled on his stomach across a hallway floor. A triangular flop of hair spills across his forehead as he stares, with apparent amusement, at the object recording him from just below eye level. Various other home pictures that tag objects in the environment were found. | 19-19-2022 |
 |  | Unitree's [Go1](https://m.unitree.com/products/go1) | d0tslash (MAVProxyUser in GitHub) | A hacker found a kill switch for a gun–wielding legged robot[^19][^20][^21][^22]. The hack itself leverages a kill switch functionality/technology that ships in all units of the robot and that listens for a particular signal at 433Mhz. When it hears the signal, the robot shuts down. d0tslash used a portable multi-tool for pentesters ([Flipper Zero](https://flipperzero.one/)) to emulate the shutdown, copying the signal the robot dog’s remote broadcasts over the 433MHz frequency. | 09-08-2022 |
 | | Enabot's [`Ebo Air`](https://na.enabot.com/shop/air001) | **Modux**[^1] |  Researchers from Modux found a security *flaw* in Enabot Ebo Air #robot and responsibly disclosed their findings. Attack vectors could lead to remote-controlled *robot* spy units. Major entry point appears to be a hardcoded system administrator password that is weak and shared across all of these robots. Researchers also found information disclosure issues that could lead attackers to exfiltrate home (e.g. home WiFi password) that could then be used to pivot into other devices through local network. | 21-07-2022 |
 | <ins>Analyzing the Data Distribution Service (DDS) Protocol for Critical Industries</ins>[^6] | [`ROS 2`](https://ros.org), [eProsima](https://www.eprosima.com/)'s [`Fast-DDS`](https://github.com/eProsima/Fast-DDS), [OCI](https://objectcomputing.com/)'s [`OpenDDS`](https://github.com/objectcomputing/OpenDDS), [ADLINK](https://www.adlinktech.com/)'s (*now [ZettaScale](https://www.zettascale.tech/)'s*) [CycloneDDS](https://github.com/eclipse-cyclonedds/cyclonedds), [RTI](<https://www.rti.com>)'s [ConnextDDS](https://www.rti.com/products), [Gurum Networks](https://www.gurum.cc/home)'s [GurumDDS](https://www.gurum.cc/freetrial) and [Twin Oaks Computing](http://www.twinoakscomputing.com/)'s [CoreDX DDS](http://www.twinoakscomputing.com/coredx/download) | [Ta-Lun Yen](https://www.linkedin.com/in/evsfy/), [Federico Maggi](https://www.linkedin.com/in/phretor/), [Víctor Mayoral-Vilches](https://www.linkedin.com/in/vmayoral/), [Erik Boasson](https://www.linkedin.com/in/erik-boasson-21344912/) *et al.* (**various**)[^6] | This research looked at the OMG Data Distribution Service (DDS) standards and its implementations from a security angle. 12 CVE IDs were discovered 🆘, 1 specification-level vulnerability identified 💻, and 6 DDS implementations were analyzed (3 open source, 3 proprietary). Results hinted that DDS's security mechanisms were not secure and much effort on this side was required to protect sensitive industrial and military systems powered by this communication middleware. The research group detected that these security issues were present in almost 650 different devices exposed on the Internet, across 34 countries and affecting 100 organizations through 89 Internet Service Providers (ISPs). | 19-04-2022 |