Vecna Technologies recently patched multiple vulnerabilities in their Telepresence robots. The gadgets allegedly endured five different bugs that could trigger hacking attacks. specifically, the vulnerabilities could allow hackers to take complete control of the device and access users’ photos.
Telepresence Robots Endured Multiple Bugs
Researchers from Zingbox have discovered multiple security vulnerabilities in Telepresence Robots. Precisely, they found at least five different bugs in these robots that posed a severe security threat to the users. Exploitation of this bug could allow an attacker to get complete control of the device and access users’ photos.
As disclosed in their press release, Zingbox found a suite of five security vulnerabilities that could trigger hacking attacks together. This includes different flaws ranging from unsecured credentials to unauthenticated remote access. The researchers have given the details of these bugs in a separate vulnerability report.
According to Daniel Regalado, Zingbox security researcher, they assessed the VGo Celia robot – a popular “most widely known” robot – for the flaws. The vulnerabilities discovered include Insufficiently Protected Credentials – Wi-Fi, XMPP (CVE-2018-8858), Cleartext Transmission of Sensitive Information in the firmware (CVE-2018-8860), Improper Neutralization of Special Elements – RCE (CVE-2018-8866), Improper Access Control (USB) (CVE-2018-17931), and Improper Authorization (XMPP Client) (CVE-2018-17933).
Together, these vulnerabilities could allow an attacker to steal credentials, and access chats, photos, and videos of the users. Moreover, they could also an attacker to execute commands such as reboot, transfer system logs, record video streaming, etc. As stated by Zingbox,
“…vulnerabilities in telepresence robots that can be leveraged by hackers to access sensitive data such as chat conversations, images, and live video streams… a telepresence robot can initially be targeted by intercepting firmware updates or gaining access via remote hacking. In addition to the theft of sensitive data, the report also details how a hacker can gain access to video recordings.”
Bug Patches In Progress
Zingbox has worked for a while with Vecna regarding the bugs. Now that the vendors have patched a few bugs, and are fixing the rest. Vecna have reportedly patched the vulnerabilities CVE-2018-8860 and CVE-2018-8866. Whereas, patches are pending for CVE-2018-8858, CVE-2018-17931, and CVE-2018-17933.
Appreciating, the efforts of Vecna, Daniel Regalado commented,
“While much of the burden of ensuring device security falls on the healthcare providers, the collaboration between device manufacturers and security vendors is a critical component to assist healthcare providers. I commend the quick actions by the device manufacturers, which enable us to share additional details regarding this vulnerability and educate the industry on the latest cyber threats.”
Smart cameras and IoT, despite being useful, remain highly vulnerable to cyber attacks. In fact, even a minor bug can turn out to be a major security threat. That is why we frequently hear of vulnerabilities in smart cameras. Last month, researchers discovered a zero-day vulnerability “Peekaboo” in surveillance cameras that could allow remote attacks.
Take your time to comment on this article.