CVE-2020-16169 – Authentication Bypass Using an Alternate Path or Channel.

Together, these vulnerabilities could be used by a malicious actor to spy on temi’s video calls, intercept calls intended for another user, and even remotely operate temi – all with zero authentication.

Per McAfee’s vulnerability disclosure policy, we reported our findings to Robotemi Global Ltd. Shortly thereafter, they responded and began an ongoing dialogue with ATR while they worked to adopt the mitigations we outlined in our disclosure report. As of July 15, 2020, these vulnerabilities have been successfully patched – mitigated in version 120 of temi’s Robox OS and all later versions of the temi Android app. We commend Robotemi for their prompt response and willingness to collaborate throughout this process. We’d go so far as to say this has been one of the most responsive, proactive, and efficient vendors McAfee has had the pleasure of working with.

This paper is intended as a long-form technical analysis of the vulnerability discovery process, the exploits made possible by the vulnerabilities, and the potential impact such exploits may have. Those interested in a higher-level, less technical overview of these findings should refer to our summary blog post here.

Contents
Brute-Forcing the Channel Name as an Attack Vector
The Relationship Between Robot IDs and MQTT Topics
How are MQTT Call Invite Messages Published?
Detour: Sneaking Onto temi’s Contact List

For an Android tablet ‘brain’ sitting atop a 4-foot-tall robot, temi packs a lot of sensors into a small form factor. These include 360° LIDAR, three different cameras, five proximity sensors, and even an Inertial Measurement Unit (IMU) sensor, which is a sort of accelerometer + gyroscope + magnetometer all-in-one. All these work together to give temi something close to the ability to move autonomously through a space while avoiding any obstacles. If it weren’t for the nefarious forces of stairs and curbs, temi would be unstoppable.

Robotemi markets its robot as being used primarily for teleconferencing. Despite its slogan of “personal robot”, it appears that temi is designed for both consumer and enterprise applications, and it’s the latter that really got us at McAfee Advanced Threat Research interested in it as a research target. Articles linked from the temi website describe the robot’s applications in various industries: Connected Living recently partnered with temi for use in elder care, the Kellogg’s café in NYC adopted temi to “enhance the retail experience”, and corporate staffing company Collabera uses temi to “improve cross-office communication.” Its growing presence in the medical space, which temi’s creators have accommodated by stepping up production to 1,000 units a month, is especially interesting given the greatly increased demand for remote doctor’s visits. What would a compromised temi mean for its users, whether it be the mother out on business or the patient being diagnosed via robotic proxy? We placed our preorder and set out to find out.

Once it finally arrived, we got to setting it up the way any user might: we unboxed it, plugged in its charging dock, and connected it to WiFi. Normal operation of the temi robot is done through its smartphone app, and at first startup temi prompted us to scan a QR code with the app. The phone used to scan the QR code becomes temi’s “admin”, allowing you to control the robot remotely by simply calling it. Temi can have many contacts outside of its singular admin, and becoming a contact is fairly straightforward. Whenever you launch the temi phone app, it scans your phone’s contacts and automatically adds any numbers that have been registered with the temi app to the app’s contact list.