Cute, novel and useful — yet ‘temi’, a concierge robot, could have given hackers the compromise to harm seniors and hospital patients.

A personal robot designed for use in senior care and healthcare settings has been found to harbor vulnerabilities that could have been exploited due its perceived harmlessness and utilitarian, novel nature.

The robot called “temi” can help us see a loved one in the hospital through teleconferencing, escort us to the ballroom in the hotel we are staying at, or help a doctor virtually visit with a patient. Across its homeland Israel, temi was recently selected as the de facto robotics platform for hospital telepresence.

Temi and similar devices are regularly used within homes, businesses, medical facilities, educational institutions, retail stores and more, and are capable of autonomous movement and teleconferencing. These advanced functions make temi an incredibly involved and connected device. However, researchers have now disclosed vulnerabilities in temi that allowed them to intercept or join existing calls, gain video access and even control the robot remotely, without any authentication.

If compromised, temi and similar robotic devices would grant the attacker mobility, audio and video: greatly increasing the ability to spy on victims in the most private situations ranging from homes to medical appointments and more. This is especially worrying as temi has been used in caretaking and service functions, especially in the already-vulnerable and targeted healthcare settings.

Vulnerabilities in detail

For the ability to make video calls and to remotely control temi securely, it is important to keep information used to connect to a call secret and secured. Since temi had some flaws doing so, the team of researchers at cybersecurity firm McAfee turned their attention to the question of whether these ‘character flaws’ could be exploited.

With only a few modifications to the original temi Android application, the researchers could intercept phone calls intended for another user. With a few more modifications, temi began to trust the McAfee ‘attacker’ and allow itself to be navigated around and have its camera and microphone activated.

The team also discovered that the only knowledge an attacker would need to know about the victim is their phone number. Yes, the same number you cannot figure out how tele-markers got ahold of was the information a malicious actor would need to access a temi device remotely without your knowledge or consent, according to their blog post.

Next, consider a hospital that keeps a very tight and well-run information security program. Normally, it would be almost impossible to steal information from their system, but through temi’s vulnerabilities there was now a way to gather information about the internal operations of the business without needing to crack the well-implemented business network or physical security. With just the phone number of anyone who has called a temi recently, an attacker could observe what room number and condition a hospitalized is in.

Visual information captured by temi—for example the dog pictures on the nurse’s desk labeled with its cute name and birthday—could just happen to be part of their network access password. Temi could watch unnoticed as the security guard typed the building alarm code on a terminal. These bits of information can be exploited easily once temi is compromised.

Lesson learnt

Once the vulnerabilities were confirmed to be exploitable, the research team’s discoveries were disclosed to temi’s manufacturer. Over the subsequent weeks, a more robust solution for temi was developed.

For each vulnerability, the McAfee team provided temi’s developers with two mitigation strategies: either a band aid (a temporary fix until something more concrete is found) and a cure (a more lasting and definitive solution). Temi’s developers chose to implement a cure for all the vulnerability findings.

Once in place, the patches were tested and confirmed to be effectively mitigated by cooperative stakeholders. So, what is the larger lesson here?

According to the McAfee blog, the key to vulnerability mitigation is the iterative loop of Observing–Orienting–Deciding and Actions (OODA). The ability for a robot to observe activities, to be in a position oriented by its supposed harmlessness, allowed vulnerabilities in its algorithms to be exploited to control its decisions and actions.

Similarly, McAfee’s research team had observed a new impactful technology emerging into the market. Due to their previous experiences and technical expertise they were well-oriented to decide to take further Action and investigate.

Closing the loop, temi’s developers had observed the value in collaboration, oriented themselves in a position where they could decide to take action in making a tool used for observation a more secure product.

This newsy case study just goes to show that, without a security-first approach in any technology, once hackers have caught on to any exploitable vulnerabilities, it will be too late for any woulda, coulda and shoulda excuses. Instead, let the OODA Loop be your guide to better developmental processes!