McAfee finds security risk with robots in care homes

By Leila Hawkins
Virtual assistant helping keep elderly residents in touch with loved ones found vulnerable to exploitation...

A personal robot used in care homes for the elderly was recently found to be at risk of attack by hackers. 

Security software company McAfee found that virtual assistant temi had vulnerabilities they were able to exploit, including intercepting calls, gaining video access, and even controlling the device remotely without the need for authentication. 

temi was launched in early 2019, billed as the world's first cost effective robot, aimed at both business and personal use. The 4-foot-tall robot uses Android software and connects via wifi and bluetooth. It was recently introduced into healthcare facilities and care homes for the elderly, largely to help keep residents connected to family and friends through teleconferencing while visiting has been restricted due to Covid-19. 

But when McAfee's Advanced Threat Research department decided to take a close look at temi, they found that the functions that make it such a highly connected device made it a target for malicious attacks. 

The McAfee team spent several months analysing the robot's functions, making video calls, marking key locations, and doing more in-depth work like looking at what open network ports the robot exposed and activating an Android debugger. 

They found that by making a few changes to the original Android app, phone calls could be easily intercepted. Another few changes and the robot could be manipulated to move around and activate its camera and microphone. To do this, the only information a hacker would need is a telephone number. 

This could have very serious consequences in clinical settings. Writing on McAfee's blog, Principal Engineer Douglas McKee said: "With the phone number of anyone who has called a temi recently, a hacker could observe what room number and condition a hospitalised member of congress is in. Temi could watch the security guard type in the building alarm code. Temi could observe the dog pictures on the nurse’s desk labeled with its cute name and birthday, that just happens to also be part of their password."

Inkeeping with their responsible disclosure policy, McAfee contacted temi once they'd confirmed these vulnerabilities. The two organisations have since been working together to improve the security of the robot, and after thorough testing have reported these have been resolved. 

"It is always exciting to see the positive impact security research can have when responsible disclosure is valued by vendor and researchers alike" McKee said. 


Featured Articles

HPV Vaccine 'Protects Males from Cancers' - Global Report

As a new report shows the human papillomavirus vaccine can also protect men and boys, we take a look at HPV vaccines, and their impact on world health

Tata Consultancy Report Shows AI in Healthcare on Rise

Tata Consultancy Services AI for Business Global Study shows that three-quarters of healthcare leaders are deploying AI to drive innovation and efficiency

McKinsey: Consumers Demand Data-driven Wellness Products

New McKinsey Future of Wellness survey shows that consumers demand data-driven wellness solutions to improve health, sleep, nutrition, fitness & longevity

SpaceX Starlink Launch Boost for Indonesia Healthcare

Technology & AI

J&J Targets Supplier Sustainability to Cut Healthcare GHGs


Walgreens to Sell Over-the-Counter Opioid Overdose Drug

Medical Devices & Pharma