Risk vulnerabilities with telepresence robots

Posted Oct 21, 2018 by Tim Sandle
Research from Zingbox has highlighted vulnerabilities with telepresence robots. These weaknesses can be leveraged by hackers to access sensitive data such as chat conversations, images and live video streams.
Shimon  the robotic marimba player  can listen to  understand  collaborate with  and surprise his hu...
Shimon, the robotic marimba player, can listen to, understand, collaborate with, and surprise his human counterparts.
Courtesy of Georgia Institute of Technology, National Media Relations
The Zingbox (a healthcare IoT security provider) investigation provides information on how a telepresence robot can initially be targeted by intercepting firmware updates or gaining access via remote hacking. In addition to the theft of sensitive data, the report also details how a hacker can gain access to video recordings.
Zingbox first presented the findings to the RSA cybersecurity conference in April 2018. Since then the company has continued to work with manufacturers to reduce risks relating to telepresence robots. These renewed concerns are contained within the report “Watching You through the Eyes of Celia, a Telepresence Robot.”
A telepresence robot is one that help to place the user at a remote location instantly, providing you a virtual presence, or "telepresence." Such robots have wireless internet connectivity and can be used for various remote working functions, including in the healthcare space.
Zingbox security researchers continue to have concerns about the vulnerabilities of these devices and they have listed out the five “Common Vulnerabilities and Exposures” affecting these types of machines.
The vulnerabilities identified stretch from unprotected credentials to unauthorized remote access. One major weakness is that telepresence robots can be targeted by intercepting firmware updates or by miscreants gaining access via remote hacking. This can lead to the theft of sensitive data and would-be hackers can additionally gain access to sensitive video recordings.
Commenting on the various vulnerabilities, Daniel Regalado, principal security researcher at Zingbox has said: “While much of the burden of ensuring device security falls on the healthcare providers, the collaboration between device manufacturers and security vendors is a critical component to assist healthcare providers.”
He adds: “I commend the quick actions by the device manufacturers, which enable us to share additional details regarding this vulnerability and educate the industry on the latest cyber threats.”