Rapid7 disclosed multiple vulnerabilities in the Telepresence Robot from Double Robotics, a mobile conferencing device that lets a remote user roam around an office for “face-to-face” conversations. Discovered by Deral Heiland, Rapid7’s IoT research lead, the disclosure highlights three primary vulnerabilities:
Unauthenticated access to data: An unauthenticated user can gain access to Double 2 device information, including serial numbers, current and historical driver and robot session information, and GPS coordinates.
Static user session management: The access token created when an account is assigned to a robot never changes. If it is compromised, it can be used to take control of the robot without a user account or password, and it can be enumerated by anyone who has access to the Double robot’s iPad.
Unrestricted Bluetooth pairing: The pairing process between the mobile app and the robot’s drive unit does not require the user to know the PIN. Once paired, a malicious actor can take control of the drive unit from up to one mile away with a high-gain antenna.
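The second finding, an access token that is fixed at assignment time and never rotated, is a general session-management weakness. The following is an added illustration, not code from Double Robotics or Rapid7: a constructed `StaticTokenStore` reproduces the flawed pattern (one token per robot, reused across account reassignments), and a `RotatingTokenStore` shows the usual mitigation of issuing a fresh, short-lived token on every assignment, storing only its hash, and revoking it on reassignment. All class and method names are hypothetical, and the clock is injectable so expiry can be exercised offline.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed example; names and behaviour are assumptions, not the vendor's design.


@dataclass
class Session:
    robot_id: str
    account: str
    token_hash: bytes   # only the SHA-256 of the token is kept server-side
    expires_at: float


class StaticTokenStore:
    """Flawed pattern: a token is minted once per robot and never changes,
    so reassigning the robot to a new account hands over the same secret,
    and a leaked token stays valid indefinitely."""

    def __init__(self):
        self._tokens = {}

    def assign(self, robot_id, account):
        # Token is created only on first assignment and then reused forever.
        if robot_id not in self._tokens:
            self._tokens[robot_id] = secrets.token_urlsafe(32)
        return self._tokens[robot_id]

    def authorize(self, robot_id, token):
        stored = self._tokens.get(robot_id, "")
        return hmac.compare_digest(stored, token)


class RotatingTokenStore:
    """Mitigated pattern: every assignment issues a new token bound to the
    account, with a time-to-live; the previous token is invalidated and the
    token is stored only as a hash so a database leak does not expose it."""

    def __init__(self, ttl_seconds=3600, now=time.time):
        self._sessions = {}
        self._ttl = ttl_seconds
        self._now = now  # injectable clock (used by the test to simulate expiry)

    @staticmethod
    def _hash(token):
        return hashlib.sha256(token.encode("utf-8")).digest()

    def assign(self, robot_id, account):
        token = secrets.token_urlsafe(32)
        # Overwriting the entry revokes whatever token the robot had before.
        self._sessions[robot_id] = Session(
            robot_id, account, self._hash(token), self._now() + self._ttl
        )
        return token

    def revoke(self, robot_id):
        self._sessions.pop(robot_id, None)

    def authorize(self, robot_id, token):
        session = self._sessions.get(robot_id)
        if session is None or self._now() > session.expires_at:
            return False
        return hmac.compare_digest(session.token_hash, self._hash(token))

    def account_for(self, robot_id):
        session = self._sessions.get(robot_id)
        return session.account if session else None


def demo():
    """Returns (static_reuse, old_token_rejected, new_token_accepted)."""
    static = StaticTokenStore()
    t_alice = static.assign("robot-1", "alice")
    t_bob = static.assign("robot-1", "bob")
    static_reuse = t_alice == t_bob  # True: reassignment leaks the same secret

    rotating = RotatingTokenStore()
    r_alice = rotating.assign("robot-1", "alice")
    r_bob = rotating.assign("robot-1", "bob")
    return (
        static_reuse,
        not rotating.authorize("robot-1", r_alice),
        rotating.authorize("robot-1", r_bob),
    )


if __name__ == "__main__":
    print(demo())
```

The fixed clock argument also lets you verify that an unrevoked token dies on its own once the TTL passes, which is the property the disclosed design lacked.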
Double Robotics’ co-founder and CEO, David Cann, commented on these findings:
“At Double Robotics, we seek to provide the best experience possible for our customers, which means not only providing an agile, innovative technology, but also, the highest level of safety and security. Rapid7’s thorough penetration tests ensure all of our products run as securely as possible, so we can continue delivering the best experience in telepresence. Before the patches were implemented, no calls were compromised and no sensitive customer data was exposed. In addition, Double uses end-to-end encryption with WebRTC for low latency, secure video calls.” – David Cann, Co-Founder and CEO, Double Robotics
Full vulnerability report here.