DEF CON Safe Mode IoT Village - Mark Bereza - VULNtron 4 CVEs Turn a Teleconference Bot into a Spy

Once limited to the realm of science fiction, robotics now play a vital role in many industries, including manufacturing, agriculture, and even medicine. Despite this, the kind of robot that interfaces with humans directly, outside of the occasional toy or vacuum, threatens to remain an inhabitant of fiction for the foreseeable future. temi, a “personal robot” created by Roboteam, may help make that fiction a reality. temi is a smart device for consumer, enterprise, retail, and even medical environments that is capable of both autonomous movement and teleconferencing. It’s precisely this functionality, however, that makes it a valuable target for hackers. Unlike a simple camera exploit, a compromised temi grants an attacker mobility in addition to audio/video, greatly increasing their ability to spy on victims in the most private of situations - their homes, medical appointments, or workplaces. Not knowing when to quit, McAfee Advanced Threat Research uncovered four 0-day vulnerabilities in the temi. We’ll show how an attacker armed with nothing besides the victim’s phone number could exploit these vulnerabilities to intercept or join an existing temi call, gain video access, and even obtain “owner” privileges, granting the ability to remotely control the robot – all with zero authentication.