Could personal robots become a new target for cyber attackers?

Could personal robots become a new target for cyber attackers? article image

Autonomous personal robots with advanced teleconference capabilities are now helping millions of people across the globe to stay connected.

These telepresence robots are being used in a broad range of facilities including businesses, homes, hospitals and medical facilities, retail, hospitality, educational institutions and aged care centres.

And with the COVID-19 pandemic forcing many of us into lockdown, isolation and quarantine, sales of personal assistance robots are soaring.

But with any device we use daily – whether it’s your phone, computer, smart home device or a robot – security is paramount.

So what are the risks associated with robots that can store so much valuable information?

These connected devices come with sophisticated software and advanced functions, making them a prime target for malicious attacks, warns McAfee, a US-based company renowned globally for its cutting-edge anti-virus software.

In recent years, with the incidence of corporate cyberattacks steadily rising, McAfee has turned its attention to device-to-cloud cybersecurity.

Earlier this year, experts from the company’s Advanced Threat Research, embarked on a challenging mission to test the security of one of the world’s best-selling telepresence robots – temi.

Growing demand for personal robots

Developed by Israeli-based company Robotemi Global,temi is a voice-activated autonomous robot on wheels equipped with a range of sensors, artificial intelligence (AI) and machine learning (ML) technologies.

Using mobile connectivity, it can perform a number of sophisticated functions including personal assistance tasks, answering Internet queries and facilitating remote video calls.

temi was originally launched as a personal robot for domestic markets, but the company is now shifting its focus toward B2B.

With an estimated 1,000 new devices being created a month, temi is helping us to see a loved one in a hospital or aged care facility through teleconferencing. It’s also helping doctors to virtually visit their patients and connecting office staff who are now working remotely.

In April this year, temi was selected by Israel’s Ministry of Defence to assist medical teams in coronavirus (COVID-19) wards throughout the country.

Researchers manage to crack the code

McAfee researchers spent nearly three months trying to hack into temi, searching for any vulnerabilities.

The team released their findings late last month – and the results have sent shockwaves through the robotics community.

In total, four vulnerabilities were found.

This included the use of hard-coded credentials, an origin validation error, missing authentication for critical functions, and an authentication bypass.

Hackers could intercept or join existing calls

The security flaws allowed McAfee’s investigators to intercept or join existing calls, gain video access, and even control the robot remotely – without any authentication.

“If compromised, telepresence robots would grant the attacker mobility, audio and video – greatly increasing the ability to spy on victims in the most private situations – from homes to medical appointments and more,” says Steve Povolny, Head of McAfee Advanced Threat Research.20190117_McAfee_0198_Print_Steve Povolny

“This has widespread implications for not only temi, but other similar devices,” he adds.

McAfee Lead Researcher Mark Bereza says telepresence robots have been quickly rolled out in response to the COVID-19 pandemic for applications like remote healthcare and in hospitals.

“They’re also being used for boardroom conferences and in hotels leading guests to their rooms.”

McAfee informed Robotemi Global of the vulnerabilities in March and the company has since successfully patched its software.

They commended temi for its swift response calling it “one of the most responsive, proactive, and efficient vendors McAfee has had the pleasure of working with.”

Once it was hacked by them and all the security issues identified, the team worked closely with temi technicians to ensure all the security issues were fixed.

Developing an ideal solution

“In keeping with our responsible disclosure program, we reached out to temi as soon as we confirmed that the vulnerabilities we discovered were exploitable,” Povolny told Inside Robotics.

“For each vulnerability, we provided temi with two mitigations strategies – a band aid and a cure. It is common for vendors to only implement the band aid or quick fix solution,” Bereza adds.

“To their credit, temi took on the challenge of implementing the more effective solution or the cure for all findings.

“Once in place, we were able to test and confirm that all the vulnerabilities reported were effectively mitigated.”

Polvolny says the temi team was very receptive, grateful, and had a strong desire to improve the security of its product.

“We feel comfortable that these vulnerabilities have now been effectively fixed.”Mark_McAfee

Big growth potential in Australia and NZ

Temirobo Global is expecting Australia and New Zealand will become big markets for the company.

Nicci Rossouw, the co-founder and principal of Exaptec, the company that distributes temi in Australia and New Zealand, says the smart robot is set to change people’s lives.

Sales are steadily increasing across retail, hospitality, healthcare, aged care and corporate sectors, she says.

Two of the robots were recently sent to a hospital in Brisbane for consultants to stay in contact with each other.

And a university in Melbourne is using temi as a host on open days to show prospective students around.

Ms Rossouw assures local customers that McAfee has approved temi's security mechanisms as “a mature and reliable product.”

For a deep dive into McAfee’s Advanced Threat research on temi click here.



Leave A Comment

Featured Products