
Vulnerabilities Found in Double Telepresence Robots

Researchers at Rapid7 discovered several vulnerabilities in Double telepresence robots from Double Robotics. The vendor has addressed the more serious issues with server-side fixes.


Double is a robot that allows people to have a physical presence at their workplace or school without actually being there in person. The product, often described as an iPad on a stick, has been used by many companies and universities.

Rapid7 researchers discovered that the Double telepresence robot had been affected by at least three vulnerabilities, including ones that could have been, or can be, exploited to take control of the machine.

One of the flaws found by experts allowed an unauthenticated attacker to gain access to device information, including GPS coordinates, device serial numbers, current and historical driver and robot session data, and device installation keys. The security hole could have been exploited simply by incrementing the value of a parameter in a specified URL.

The second vulnerability is related to the access token (driver_token) created when an account is assigned to a robot. The problem, according to researchers, was that the token never changed or expired, allowing an attacker who possessed the token to remotely take control of a robot.

The access token could have been obtained via an SSL man-in-the-middle (MitM) attack or from the robot’s iPad.
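The two server-side weaknesses described above (an object lookup keyed only on an incrementable identifier, and a driver token that never rotates or expires) are both common API defects. The following is an added illustration written for this article, not code from Double Robotics or Rapid7; the device records, owner names, token lifetime and function names are constructed assumptions. It places the unchecked lookup beside one that enforces authentication and ownership, and replaces a static token with per-assignment tokens that are revoked on reassignment and expire after a fixed lifetime.

```python
import secrets
import time
from dataclasses import dataclass, field

# Constructed sample records (hypothetical schema, not the vendor's real data model).
DEVICES = {
    1001: {"owner": "alice", "serial": "DR-0001", "gps": (37.77, -122.42)},
    1002: {"owner": "bob", "serial": "DR-0002", "gps": (40.71, -74.00)},
}


def device_info_vulnerable(device_id):
    """Insecure pattern: no caller identity is checked, so anyone who increments
    device_id in the request can walk every record in the table."""
    return DEVICES.get(device_id)


def device_info_hardened(device_id, requester):
    """Hardened pattern: the caller must be authenticated and must own the device.
    'Missing' and 'not yours' return the same error so ids cannot be enumerated."""
    if requester is None:
        raise PermissionError("authentication required")
    record = DEVICES.get(device_id)
    if record is None or record["owner"] != requester:
        raise PermissionError("not found")
    return record


# Assumed token lifetime in seconds (a design choice for this example).
TOKEN_TTL = 3600


@dataclass
class SessionStore:
    """Maps token -> (device_id, user, expires_at) for robot driving sessions."""
    tokens: dict = field(default_factory=dict)

    def issue(self, device_id, user, now=None):
        """Create a fresh random token for an assignment; any earlier token
        bound to the same device is revoked, so a leaked old token is useless."""
        now = time.time() if now is None else now
        for tok, (dev, _, _) in list(self.tokens.items()):
            if dev == device_id:
                del self.tokens[tok]
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = (device_id, user, now + TOKEN_TTL)
        return tok

    def validate(self, token, now=None):
        """Return (device_id, user) for a live token, or None if unknown or expired.
        Expired entries are dropped on first sight."""
        now = time.time() if now is None else now
        entry = self.tokens.get(token)
        if entry is None:
            return None
        device_id, user, expires_at = entry
        if now >= expires_at:
            del self.tokens[token]
            return None
        return device_id, user


if __name__ == "__main__":
    store = SessionStore()
    t = store.issue(1001, "alice")
    print("valid:", store.validate(t))
    print("alice reads own device:", device_info_hardened(1001, "alice"))
```

The `now` parameter exists so expiry can be exercised deterministically; in production the wall clock is used. Binding each token to a single device and revoking on reissue is what makes a captured token lose its value once the assignment changes, which is the property the static `driver_token` lacked.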

The third weakness is related to the fact that an attacker does not need to know the challenge PIN when pairing the mobile application (i.e. the iPad) to the drive unit via Bluetooth, enabling them to take control of the drive unit.

However, there are some mitigations against potential attacks. The attacker needs to be in Bluetooth range – the distance can be up to one mile if a high-gain antenna is used – and only one mobile device can be paired with the drive unit at one time.

The vulnerabilities were reported to Double Robotics in December, and the unauthenticated data access and session management flaws were addressed in mid-January on the server side.


The vendor believes the Bluetooth pairing issue is not a serious vulnerability and it does not plan on fixing it. Nevertheless, Rapid7 believes users should be aware of the flaw.

“Rapid7’s thorough penetration tests ensure all of our products run as securely as possible, so we can continue delivering the best experience in telepresence,” said Double Robotics co-founder and CEO David Cann. “Before the patches were implemented, no calls were compromised and no sensitive customer data was exposed. In addition, Double uses end-to-end encryption with WebRTC for low latency, secure video calls.”

Rapid7 also reported the vulnerabilities to CERT/CC. The organizations agreed not to assign CVE identifiers considering that only one instance of the software was affected and users were not required to take any action to apply the patches.

Rapid7’s security advisory comes just days after IOActive warned that many robots are affected by serious vulnerabilities.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
