McAfee finds security risk with robots in care homes

By Leila Hawkins
Virtual assistant helping keep elderly residents in touch with loved ones found vulnerable to exploitation...

A personal robot used in care homes for the elderly was recently found to be at risk of attack by hackers. 

Security software company McAfee found that virtual assistant temi had vulnerabilities they were able to exploit, including intercepting calls, gaining video access, and even controlling the device remotely without the need for authentication. 

temi was launched in early 2019, billed as the world's first cost effective robot, aimed at both business and personal use. The 4-foot-tall robot uses Android software and connects via wifi and bluetooth. It was recently introduced into healthcare facilities and care homes for the elderly, largely to help keep residents connected to family and friends through teleconferencing while visiting has been restricted due to Covid-19. 

But when McAfee's Advanced Threat Research department decided to take a close look at temi, they found that the functions that make it such a highly connected device made it a target for malicious attacks. 

The McAfee team spent several months analysing the robot's functions, making video calls, marking key locations, and doing more in-depth work like looking at what open network ports the robot exposed and activating an Android debugger. 

They found that by making a few changes to the original Android app, phone calls could be easily intercepted. Another few changes and the robot could be manipulated to move around and activate its camera and microphone. To do this, the only information a hacker would need is a telephone number. 

This could have very serious consequences in clinical settings. Writing on McAfee's blog, Principal Engineer Douglas McKee said: "With the phone number of anyone who has called a temi recently, a hacker could observe what room number and condition a hospitalised member of congress is in. Temi could watch the security guard type in the building alarm code. Temi could observe the dog pictures on the nurse’s desk labeled with its cute name and birthday, that just happens to also be part of their password."

Inkeeping with their responsible disclosure policy, McAfee contacted temi once they'd confirmed these vulnerabilities. The two organisations have since been working together to improve the security of the robot, and after thorough testing have reported these have been resolved. 

"It is always exciting to see the positive impact security research can have when responsible disclosure is valued by vendor and researchers alike" McKee said. 

Share

Featured Articles

The Taiwan Excellence Award Winners on new technologies

Cypress Technology, Dacian Technology Material, Chroma ATE, Taiwan Advanced Nanotech & iDRC Chyng Hong Electronics are the Taiwan Excellence Award Winners

World Hepatitis Summit 2022 to support healthcare workers

The World Hepatitis Summit 2022 calls to prevent viral hepatitis as cases soar in children and healthcare workers struggle with the stigma

5 minutes with Yoni Nevo, CEO of Sweetch

At behavioural science company Sweetch, CEO Yoni Nevo treats chronic illnesses with digital therapeutics solutions, using AI & emotional intelligence

Canada’s telehealth support for Ukrainian healthcare workers

Technology & AI

How Contura’s hydrogel technology can help patients knees

Technology & AI

MVP Health Care’s Kim Kilby on hybrid healthcare’s future

Hospitals