McAfee finds vulnerabilities in ‘temi’ the videoconferencing robot

A videoconferencing robot named temi, developed by Robotemi Global, was found to have serious security vulnerabilities that, if left unpatched, could enable threat actors to spy on or intercept calls and could even allow the robot to be totally compromised through remote operation.

Temi is commonly used in businesses, healthcare, retail, hospitality, and other environments, including the home. The temi robot typically includes LIDAR, cameras, proximity sensors, and other measurement equipment under what is called an inertial measurement unit.

McAfee’s Advanced Threat Research team recently published details of its findings, which outline how four separate vulnerabilities could co-opt the temi robot.

These vulnerabilities include CVE-2020-16170 – Use of Hard-Coded Credentials; CVE-2020-16168 – Origin Validation Error; CVE-2020-16167 – Missing Authentication for Critical Function; and CVE-2020-16169 – Authentication Bypass Using an Alternate Path or Channel.

“At the time of discovery, the vulnerabilities in the temi robot meant that an attacker could join any ongoing temi call simply by using a custom Agora app initialized with temi’s hardcoded App ID and iterating over all 900,000 possible channel names – certainly feasible with modern computing power,” writes McAfee’s Mark Bereza.

He notes that while there are many attack vectors, one is of notable concern: an attacker’s ability to call and control a temi robot remotely by exploiting the authentication bypass in the privilege management mechanism.

“The attacker would only need the phone number of any of temi’s contacts – it need not be its admin. In our testing, none of the steps involved in leveraging this exploit notify temi’s admin in any way that something is amiss; they are not notified that the attacker has added themselves to the robot’s contact list nor that they have gained raised privileges.”

He adds, “Since this method does not cause temi to ring, an observer would have to see the attacker move temi or have a good look at its touchscreen during the attack to know something nefarious was going on.”

Since temi is popular in Korea as a robot deployed in nursing homes, Bereza finds it worrying that an attacker could have ‘eyes and ears’ into what should be private medical visits.

“It isn’t difficult to imagine what a malicious agent might do with an overheard network password, access code to a sensitive area, or the location and condition of a person of interest.”

Robotemi Global has patched all vulnerabilities in temi’s Robox OS version 120 and later, as well as all versions of the temi Android app after 1.3.7931.

McAfee notes that vendors should use proper security hygiene when they design products. Additionally, users should ensure that their devices are up-to-date and patched, and that the vendor demonstrates a commitment to security.
