Full Report
Overview: excerpt and attribution carried over from the source post, “Call an Exorcist! My Robot’s Possessed!”, which appeared first on the McAfee Blog: “As part of our continued goal of helping developers provide safer products for businesses and consumers, we here at...”
Analysis Summary
# Critical Vulnerabilities in temi Telepresence Robots
McAfee Advanced Threat Research (ATR) discovered four critical vulnerabilities in the temi telepresence robot, produced by Robotemi Global Ltd. Chained together, they allowed unauthorized remote code execution, surveillance, and complete remote operation of the device.
## Key Points
- The vulnerabilities allowed a malicious actor to spy on video calls, intercept calls intended for other users, and remotely operate the temi robot.
- Chaining these flaws gave total control over the robot's functionality on affected versions, with no authentication required.
- The research involved port scanning, traffic capture, reverse engineering of the phone app, and exploitation of the MQTT communication channel.
- The vendor, Robotemi Global Ltd., responded promptly and collaborated with McAfee ATR, resulting in patches being released quickly.
## Threat Actors
- No named threat actor or advanced persistent threat (APT) group was attributed to exploitation of these vulnerabilities; the findings describe risks that any malicious actor could exploit.
## TTPs
The vulnerabilities stemmed from security misconfigurations and implementation errors:
1. **Hard-Coded Credentials (CVE-2020-16170):** Use of fixed, non-revocable credentials allowing unauthorized access.
2. **Origin Validation Error (CVE-2020-16168):** Lack of proper checks on the source of incoming requests.
3. **Missing Authentication for Critical Function (CVE-2020-16167):** Key functionality was reachable without any authentication check.
4. **Authentication Bypass Using an Alternate Path or Channel (CVE-2020-16169):** Use of a secondary communication pathway to circumvent the intended access controls.
- **Attack Vectors Investigated:** Brute-forcing channel names and MQTT-based attack vectors were detailed as methods available after initial reconnaissance.
## Affected Systems
- **Device:** temi telepresence robot (produced by Robotemi Global Ltd.)
- **Software Affected (Pre-Mitigation):**
- temi’s Robox OS versions prior to **120**.
- temi Android app versions prior to **1.3.7931**.
## Mitigations
- **Successful Patch Deployment:** Robotemi Global Ltd. released security updates to address all identified vulnerabilities.
- **Required Updates:** Users must update to **version 120** of temi’s Robox OS or later, and **version 1.3.7931** of the temi Android app or later. Both updates are required; patching only the robot or only the app leaves the pairing exposed.
- **General Defense (Implied):** Securing critical functions through strong, non-hardcoded authentication mechanisms (addressing CVE-2020-16167 and CVE-2020-16170).
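As an added worked example (not code from McAfee ATR or Robotemi), the following Python checks a device inventory against the two patched versions stated above, flagging any robot or paired app that is still below threshold. The thresholds (Robox OS 120, temi Android app 1.3.7931) come from the advisory; the inventory record layout, the device names and the sample data are assumptions constructed for illustration.

```python
"""Flag temi devices still below the patched versions named in the advisory.

Added example, not code from McAfee ATR or Robotemi. The version thresholds
come from the advisory (Robox OS 120, temi Android app 1.3.7931); the
inventory record layout and device names are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

PATCHED_ROBOX_OS: Tuple[int, ...] = (120,)
PATCHED_ANDROID_APP: Tuple[int, ...] = (1, 3, 7931)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.3.7931' or '120' into a tuple of ints.

    Tuples compare lexicographically, so (1, 3, 7930) < (1, 3, 7931), and a
    shorter prefix such as (1, 3) sorts before (1, 3, 7931), which is the
    conservative reading of an incomplete version string. Anything that is
    not dot-separated digits raises ValueError instead of silently passing.
    """
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(p) for p in parts)


def robox_os_affected(version: str) -> bool:
    """True if the robot's Robox OS is older than build 120."""
    return parse_version(version) < PATCHED_ROBOX_OS


def android_app_affected(version: str) -> bool:
    """True if the paired temi Android app is older than 1.3.7931."""
    return parse_version(version) < PATCHED_ANDROID_APP


@dataclass
class TemiDevice:
    name: str          # asset tag; assumed inventory field
    robox_os: str      # Robox OS build reported by the robot
    app_version: str   # temi Android app version on the controlling phone


def assess(device: TemiDevice) -> List[str]:
    """Return the reasons a device is still exposed; empty means fully patched.

    Both sides must be current: the advisory requires the robot update and
    the app update, so a patched robot paired with an old app is still flagged.
    """
    findings = []
    if robox_os_affected(device.robox_os):
        findings.append(
            f"Robox OS {device.robox_os} is below 120 (robot-side fix missing)")
    if android_app_affected(device.app_version):
        findings.append(
            f"temi app {device.app_version} is below 1.3.7931 (app-side fix missing)")
    return findings


def exposed_devices(inventory: List[TemiDevice]) -> Dict[str, List[str]]:
    """Map device name -> findings for every device with at least one finding."""
    report: Dict[str, List[str]] = {}
    for device in inventory:
        findings = assess(device)
        if findings:
            report[device.name] = findings
    return report


# Constructed sample inventory, not real device data.
SAMPLE_INVENTORY = [
    TemiDevice("lobby-temi", "119", "1.3.7931"),      # robot unpatched
    TemiDevice("ward-3-temi", "120", "1.3.7800"),     # app unpatched
    TemiDevice("boardroom-temi", "121", "1.4.2"),     # both current
]

if __name__ == "__main__":
    for name, findings in exposed_devices(SAMPLE_INVENTORY).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Run against a real export of robot and app versions, the report lists only devices that still need one of the two updates; a malformed version string is reported as an error rather than treated as patched, so an inventory gap cannot hide an exposed robot.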
## Conclusion
The discovery highlights significant security flaws in consumer/enterprise IoT devices like the temi robot, where the combination of vulnerabilities—specifically credential exposure and authentication bypasses—can lead to complete device compromise and pervasive surveillance capabilities. Organizations deploying these devices should immediately verify they are running the specified patched software versions to prevent unauthorized remote takeover and data exfiltration.