Flaws in telepresence robots allow hackers access to pictures, video feeds

Flaws in telepresence robots allow hackers access to pictures, video feeds

Telepresence robots from Vecna Technologies can be hacked using a suite of five vulnerabilities. The flaws can be combined to allow an attacker full control over a robot, giving an intruder the capability to alter firmware, steal chat logs, pictures, or even access live video streams.

Vecna has already patched two of the five vulnerabilities and is in the process of addressing the other three.

  • CVE-2018-8858: Insufficiently Protected Credentials - Wi-Fi, XMPP - Patch Pending
  • CVE-2018-8860: Cleartext Transmission of Sensitive Information - Firmware - Patched
  • CVE-2018-8866: Improper Neutralization of Special Elements - RCE - Patched
  • CVE-2018-17931: Improper Access Control (USB) - Patch Pending
  • CVE-2018-17933: Improper Authorization (XMPP Client) - Patch Pending

The flaws were discovered earlier this year by Dan Regalado, a security researcher with IoT cyber-security firm Zingbox.

The vulnerabilities affect Vecna VGo Celia, a telepresence robot that can be deployed in the field but controlled from a remote location. Telepresence robots are equipped with both a microphone and a video camera and sit on movable rigs.

They are usually found in hospitals, to allow doctors to interview patients from afar, in schools, to allow sick children to attend classes or professors to give classes while on the road, or in factories to allow technical inspections from authorized personnel. See more...

Click here to chat with us