Choregraphe security issue

Question

I am trying to find a way to secure our robot against unwanted Choregraphe connections. We are required to work on a University-wide network, and we need a way to stop people from connecting who may have obtained the robot's IP address at some stage without our knowledge.

As there is no access to the root user account on the Pepper, I cannot simply lock down access using iptables, so I thought I might try looking at a way to forcibly close connections from ALChoregraphe when it registers on the robot.

However, running the command:

qicli info ALChoregraphe

I can see that the only method available is requestDisconnection. There is no way to close the connection forcibly.

I have tried using ALServiceManager to stop the service, but it apparently only knows about services that are installed as packages.

So far the only solution I have is to change the color of the eye LEDs to indicate that a connection has been established, and reset them when a disconnect is received.

Aside from moving the robot to its own network, do you have any suggestions on how I could go about handling this?

Thanks!

Answer 1

At the moment, there is no other way to prevent connections to the robots. All you can do is to make sure that unwanted clients cannot access the network of your robot.

Answer 2

In Choregraphe 2.4 and later, you can kick the existing Choregraphe after 30 seconds. If anyway it fails, you should unregister the services ALChoregraphe and ALChoregrapheRecorder using qicli call ServiceDirectory.unregisterService <serviceID> where serviceID is the number facing the services when listed with qicli info.