Vulnerabilities in telepresence robots allow access to image and video

Share this…

The manufacturer has solved two of the five reported errors; three patches are in the process of being released

Telepresence robots manufactured by the company Vecna Technologies can be hacked using a set of five vulnerabilities, as reported by experts in digital forensicsfrom the International Institute of Cyber Security. Vulnerabilities can be combined to allow an attacker full control over one of these devices, which gives the hacker the ability to alter the firmware, steal chat records, images or even access video live feeds.

Vecna has already launched security updates for two of the five vulnerabilities found, and is in the process of addressing the remaining three errors. Vulnerabilities have been reported as:

  • CVE-2018-8858: Credentials protection deficiencies – patch pending
  • CVE-2018-17931: Inadequate access control (USB) – patch pending
  • CVE-2018-17933: Incorrect authorization (XMPP client) – patch pending
  • CVE-2018-8860: Confidential information leaking – firmware updated
  • CVE-2018-8866: Remote Code Execution – solved

The flaws were discovered earlier this year by Dan Regalado, a cybersecurity and digital forensics specialist.

Vulnerabilities affect Vecna VGo Celia, a telepresence robot that can be deployed in some certain space but controlled from a remote location. Telepresence robots are equipped with a microphone and a video camera and are placed on mobile platforms. Its use is very common in hospitals to allow doctors to remotely monitor patients, in schools, to allow sick children to attend classes or for teachers to teach remotely, or in factories to allow technical inspections for authorized personnel.

“Because the robot performs firmware updates via HTTP, an attacker with access to the same network segment where the robot is connected can intercept the update”, said the digital forensics expert in his report on the subject.

An attacker could infect the firmware with malicious code or analyze it for vulnerabilities that could be exploited later.

Regalado discovered that the developers of Vecna had left an active developer tool in the robot that renders it vulnerable to a lot of attacks. This tool, a CGI script, allowed the attacker to execute commands with root privileges on the device.

The expert says the attacker can use this vulnerability to access the internal functions of the robot, but could also use the infected robot to attack other devices on an organization’s internal network.

Vecna has already solved the vulnerabilities CVE-2018-8860 and CVE-2018-8866, but Regalado says that there is another equally serious error. It says that the CVE-2018-17931 error allows an attacker to connect a USB drive in a robot and its firmware will run a file hosted on the USB drive (/config/startup.script) with root privileges, which gives the attacker the opportunity to hijack the device. Regalado also discovered CVE-2018-8858. This vulnerability allows an attacker to retrieve the WiFi passwords used by the robot to connect to an organization’s internal network.

CVE-2018-17933, the last of the three unsolved vulnerabilities, resides in the XMPP client, which is the heart of the robot firmware, which functions as a tunnel between the remote user and the internal functions of the robot.