Flaws in telepresence robots allow hackers access to pictures, video feeds
Credit:
ZDNet
Telepresence robots from Vecna Technologies can be hacked using a suite of five vulnerabilities. The flaws can be combined to allow an attacker full control over a robot, giving an intruder the capability to alter firmware, steal chat logs, pictures, or even access live video streams.
Vecna has already patched two of the five vulnerabilities and is in the process of addressing the other three.
- CVE-2018-8858: Insufficiently Protected Credentials - Wi-Fi, XMPP - Patch Pending
- CVE-2018-8860: Cleartext Transmission of Sensitive Information - Firmware - Patched
- CVE-2018-8866: Improper Neutralization of Special Elements - RCE - Patched
- CVE-2018-17931: Improper Access Control (USB) - Patch Pending
- CVE-2018-17933: Improper Authorization (XMPP Client) - Patch Pending