
Vulnerabilities Found in Double Telepresence Robots

Researchers at Rapid7 discovered several vulnerabilities in Double telepresence robots from Double Robotics. The vendor has addressed the more serious issues with server-side fixes.

Double is a robot that allows people to have a physical presence at their workplace or school without actually being there in person. The product, often described as an iPad on a stick, has been used by many companies and universities.

Rapid7 researchers discovered that the Double telepresence robot had been affected by at least three vulnerabilities, including ones that could have been, or can be, exploited to take control of the machine.

One of the flaws found by the researchers allowed an unauthenticated attacker to gain access to device information, including GPS coordinates, device serial numbers, current and historical driver and robot session data, and device installation keys. The security hole could have been exploited simply by incrementing the value of a parameter in a specified URL.

The second vulnerability is related to the access token (driver_token) created when an account is assigned to a robot. The problem, according to researchers, was that the token never changed or expired, allowing an attacker who possessed the token to remotely take control of a robot.

The access token could have been obtained via an SSL man-in-the-middle (MitM) attack or from the robot’s iPad.

The third weakness is related to the fact that an attacker does not need to know the challenge PIN when pairing the mobile application (i.e. the iPad) to the drive unit via Bluetooth, enabling them to take control of the drive unit.

However, there are some mitigations against potential attacks. The attacker needs to be in Bluetooth range – the distance can be up to one mile if a high-gain antenna is used – and only one mobile device can be paired with the drive unit at one time.
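As an added illustration (not code from the article or from Double Robotics), the following Python sketch models the three weaknesses described above beside the kind of server-side and firmware-side checks that close them: an ownership check on the device lookup instead of trusting an incremented id, driver tokens that expire and can be rotated or revoked instead of a static one, and a pairing step that refuses a missing or wrong PIN and a second controller. All names, record fields and sample values are constructed assumptions.

```python
"""Constructed model of the three weaknesses above, each beside a check
that closes it. Every name, record shape and value here is an assumption
for illustration, not Double Robotics' code or data."""
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample fleet: device id -> record (fields are assumed).
DEVICES = {
    1001: {"serial": "SN-EXAMPLE-1", "owner": "alice", "gps": (37.78, -122.41)},
    1002: {"serial": "SN-EXAMPLE-2", "owner": "bob", "gps": (40.71, -74.00)},
}


def lookup_device_insecure(device_id):
    """Pre-fix pattern: whoever supplies an id gets the record back."""
    return DEVICES.get(device_id)


def lookup_device(device_id, user):
    """Fixed pattern: the server ties the id to the authenticated caller.
    Missing and foreign ids get the same answer, so ids cannot be enumerated."""
    rec = DEVICES.get(device_id)
    if rec is None or rec["owner"] != user:
        return None
    return rec


@dataclass
class TokenStore:
    """Driver tokens that expire and can be rotated or revoked, unlike a
    static token that stays valid forever once it has been captured."""
    ttl: float = 3600.0
    _tokens: dict = field(default_factory=dict)  # token -> (device_id, expires_at)

    def issue(self, device_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable, per session
        self._tokens[token] = (device_id, now + self.ttl)
        return token

    def validate(self, token, now=None):
        """Return the device id bound to a live token, or None."""
        now = time.time() if now is None else now
        entry = self._tokens.get(token)
        if entry is None:
            return None
        device_id, expires_at = entry
        if now >= expires_at:
            del self._tokens[token]  # expired: drop it so it cannot be replayed
            return None
        return device_id

    def revoke(self, token):
        self._tokens.pop(token, None)

    def rotate(self, token, now=None):
        """Swap a valid token for a fresh one; the old value stops working."""
        device_id = self.validate(token, now)
        if device_id is None:
            return None
        self.revoke(token)
        return self.issue(device_id, now)


@dataclass
class DriveUnit:
    """Bluetooth pairing that requires the challenge PIN and allows only one
    paired controller at a time (the article notes the latter as a mitigation)."""
    pin: str
    paired_to: Optional[str] = None

    def pair(self, client_id, supplied_pin):
        if self.paired_to is not None and self.paired_to != client_id:
            return False  # already paired to another controller
        if not hmac.compare_digest(self.pin, supplied_pin):
            return False  # wrong or empty PIN: refuse, constant-time compare
        self.paired_to = client_id
        return True


if __name__ == "__main__":
    print("insecure lookup of foreign id:", lookup_device_insecure(1002))
    print("checked lookup of foreign id:", lookup_device(1002, "alice"))
    store = TokenStore(ttl=60)
    tok = store.issue(1001, now=1000.0)
    print("token valid at +10s:", store.validate(tok, now=1010.0))
    print("token valid at +61s:", store.validate(tok, now=1061.0))
    unit = DriveUnit(pin="4821")
    print("pair with empty PIN:", unit.pair("ipad-a", ""))
    print("pair with PIN:", unit.pair("ipad-a", "4821"))
    print("second controller:", unit.pair("ipad-b", "4821"))
```

The `lookup_device` check is the shape of the server-side fix described below: the id in the URL is no longer trusted on its own. Expiring and rotating the driver token limits how long a value captured in transit or read off the iPad stays useful, and the pairing step shows why requiring the PIN matters even when range and single-pairing already narrow the window.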

The vulnerabilities were reported to Double Robotics in December, and the unauthenticated data access and session management flaws were addressed in mid-January on the server side.

The vendor believes the Bluetooth pairing issue is not a serious vulnerability and it does not plan on fixing it. Nevertheless, Rapid7 believes users should be aware of the flaw.

“Rapid7’s thorough penetration tests ensure all of our products run as securely as possible, so we can continue delivering the best experience in telepresence,” said Double Robotics co-founder and CEO David Cann. “Before the patches were implemented, no calls were compromised and no sensitive customer data was exposed. In addition, Double uses end-to-end encryption with WebRTC for low latency, secure video calls.”

Rapid7 also reported the vulnerabilities to CERT/CC. The organizations agreed not to assign CVE identifiers considering that only one instance of the software was affected and users were not required to take any action to apply the patches.

Rapid7’s security advisory comes just days after IOActive warned that many robots are affected by serious vulnerabilities.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.