McAfee finds security risk with robots in care homes

By Leila Hawkins
Share
Virtual assistant helping keep elderly residents in touch with loved ones found vulnerable to exploitation...

A personal robot used in care homes for the elderly was recently found to be at risk of attack by hackers. 

Security software company McAfee found that virtual assistant temi had vulnerabilities they were able to exploit, including intercepting calls, gaining video access, and even controlling the device remotely without the need for authentication. 

temi was launched in early 2019, billed as the world's first cost effective robot, aimed at both business and personal use. The 4-foot-tall robot uses Android software and connects via wifi and bluetooth. It was recently introduced into healthcare facilities and care homes for the elderly, largely to help keep residents connected to family and friends through teleconferencing while visiting has been restricted due to Covid-19. 

But when McAfee's Advanced Threat Research department decided to take a close look at temi, they found that the functions that make it such a highly connected device made it a target for malicious attacks. 

The McAfee team spent several months analysing the robot's functions, making video calls, marking key locations, and doing more in-depth work like looking at what open network ports the robot exposed and activating an Android debugger. 

They found that by making a few changes to the original Android app, phone calls could be easily intercepted. Another few changes and the robot could be manipulated to move around and activate its camera and microphone. To do this, the only information a hacker would need is a telephone number. 

This could have very serious consequences in clinical settings. Writing on McAfee's blog, Principal Engineer Douglas McKee said: "With the phone number of anyone who has called a temi recently, a hacker could observe what room number and condition a hospitalised member of congress is in. Temi could watch the security guard type in the building alarm code. Temi could observe the dog pictures on the nurse’s desk labeled with its cute name and birthday, that just happens to also be part of their password."

Inkeeping with their responsible disclosure policy, McAfee contacted temi once they'd confirmed these vulnerabilities. The two organisations have since been working together to improve the security of the robot, and after thorough testing have reported these have been resolved. 

"It is always exciting to see the positive impact security research can have when responsible disclosure is valued by vendor and researchers alike" McKee said. 

Share

Featured Articles

How Huawei's Digital Solutions are Transforming Healthcare

Offering network, cloud, and AI solutions, Huawei is able to help healthcare providers deliver better outcomes for patients

2024 Nestlé Nutrition Symposium Explored Food & Health

Nestlé manufactures 4.5m KitKats every day, but the food giant is also focused on advancing food nutrition, as explored at the 2024 International Symposium

Thirona’s AI Tech is Creating Individualised Patient Care

Eva van Rikxoort, CEO and Founder of Thirona, tells us how AI technology is advancing lung imaging and bringing more individualised treatment to patients

AstraZeneca’s Discovery Centre, Constructed by Mace Group

Technology & AI

NeoGenomics: Data in Oncology Testing & Diagnostics

AI & ML

Samsung’s New Health Software Development Kit Suite

Digital Healthcare