A videoconferencing robot named temi, developed by Robotemi Global, was found to have serious security vulnerabilities that, if left unpatched, could enable threat actors to spy on or intercept calls and could even allow the robot to be fully compromised through remote operation.
Temi is commonly used in businesses, healthcare, retail, hospitality, and other settings, including the home. The temi robot typically includes LIDAR, cameras, proximity sensors, and other measurement equipment grouped under what is called an inertial measurement unit.
McAfee’s Advanced Threat Research team recently published details of its findings, outlining how four separate vulnerabilities could be used to co-opt the temi robot.
These vulnerabilities are CVE-2020-16170 – Use of Hard-Coded Credentials; CVE-2020-16168 – Origin Validation Error; CVE-2020-16167 – Missing Authentication for Critical Function; and CVE-2020-16169 – Authentication Bypass Using an Alternate Path or Channel.
“At the time of discovery, the vulnerabilities in the temi robot meant that an attacker could join any ongoing temi call simply by using a custom Agora app initialized with temi’s hardcoded App ID and iterating over all 900,000 possible channel names – certainly feasible with modern computing power,” writes McAfee’s Mark Bereza.
He notes that while there are many attack vectors, one is of notable concern: an attacker’s ability to call and control a temi robot remotely by exploiting the authentication bypass in the privilege management mechanism.
“The attacker would only need the phone number of any of temi’s contacts – it need not be its admin. In our testing, none of the steps involved in leveraging this exploit notify temi’s admin in any way that something is amiss; they are not notified that the attacker has added themselves to the robot’s contact list nor that they have gained raised privileges.”
He adds, “Since this method does not cause temi to ring, an observer would have to see the attacker move temi or have a good look at its touchscreen during the attack to know something nefarious was going on.”
Since temi is popular in Korea as a robot deployed in nursing homes, Bereza finds it worrying that an attacker could have ‘eyes and ears’ into what should be private medical visits.
“It isn’t difficult to imagine what a malicious agent might do with an overheard network password, access code to a sensitive area, or the location and condition of a person of interest.”
Robotemi Global has patched all vulnerabilities in temi’s Robox OS version 120 and later, as well as all versions of the temi Android app after 1.3.7931.
McAfee notes that vendors should practise proper security hygiene when designing products. Additionally, users should ensure that their devices are up to date and patched, and that the vendor demonstrates a commitment to security.
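The practical follow-up to the patch information above is an inventory check: which robots and companion apps in a deployment are still on a vulnerable build. The script below is an added example, not code from the article, McAfee, or Robotemi. The only facts it takes from the article are the two thresholds (Robox OS 120 and later is patched, inclusive; temi Android app builds after 1.3.7931 are patched, exclusive). The inventory records and their field names (`id`, `robox_os`, `app_version`) are constructed sample data and an assumed layout; a real fleet would feed the same function from its own device management export.

```python
"""
Patch-status check for a fleet of temi robots and their companion apps.

Added example; not from the original article, McAfee, or Robotemi.
Thresholds come from the article:
  - Robox OS version 120 and later is patched   (inclusive bound)
  - temi Android app after 1.3.7931 is patched   (exclusive bound)
Inventory records below are constructed sample data with assumed field names.
"""
from typing import Dict, List, Tuple

# Version thresholds stated in the article, as comparable tuples.
ROBOX_OS_MIN_PATCHED = (120,)               # ">= 120" is patched
ANDROID_APP_LAST_VULNERABLE = (1, 3, 7931)  # "> 1.3.7931" is patched


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version string such as '1.3.7931' into a tuple.

    Tuples compare element by element, so '1.3.7932' > '1.3.7931' and
    '120.1' >= '120' behave as a human reading the release notes expects.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(p) for p in parts)


def robox_os_is_patched(version: str) -> bool:
    """Robox OS 120 and later contains the fixes."""
    return parse_version(version) >= ROBOX_OS_MIN_PATCHED


def android_app_is_patched(version: str) -> bool:
    """Only app builds strictly after 1.3.7931 contain the fixes."""
    return parse_version(version) > ANDROID_APP_LAST_VULNERABLE


def find_unpatched(inventory: List[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """Return (device id, reasons) for every device still on a vulnerable build."""
    findings = []
    for device in inventory:
        reasons = []
        if not robox_os_is_patched(device["robox_os"]):
            reasons.append(f"Robox OS {device['robox_os']} is below 120")
        if not android_app_is_patched(device["app_version"]):
            reasons.append(f"temi app {device['app_version']} is not after 1.3.7931")
        if reasons:
            findings.append((device["id"], reasons))
    return findings


# Constructed sample inventory (hypothetical device ids and versions).
SAMPLE_INVENTORY = [
    {"id": "temi-lobby-01", "robox_os": "119", "app_version": "1.3.7931"},  # both old
    {"id": "temi-ward-02",  "robox_os": "120", "app_version": "1.3.7932"},  # fully patched
    {"id": "temi-ward-03",  "robox_os": "121", "app_version": "1.3.7900"},  # app still old
]


if __name__ == "__main__":
    for device_id, reasons in find_unpatched(SAMPLE_INVENTORY):
        print(f"{device_id}: " + "; ".join(reasons))
```

Note the asymmetry in the two bounds: the article says "version 120 and later" for the OS but "after 1.3.7931" for the app, so one comparison is inclusive and the other exclusive. Getting that wrong would report a still-vulnerable 1.3.7931 install as patched, which is exactly the kind of off-by-one that makes a fleet audit quietly useless.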