Zingbox Reveals Details of the Vulnerabilities in Telepresence Robots

Zingbox, the provider of the most widely deployed healthcare Internet of Things (IoT) analytics platform, today announced research detailing the vulnerabilities in telepresence robots that can be leveraged by hackers to access sensitive data such as chat conversations, images and live video streams.

Following the initial findings showcased at the RSA conference in April 2018, Zingbox security researchers continued to work with the manufacturers. These efforts resulted in five Common Vulnerabilities and Exposures (CVEs) outlining various vulnerabilities, ranging from unprotected credentials to unauthorized remote access. Zingbox is now releasing the details of the vulnerabilities after the manufacturers had an opportunity to address the issues.

“While much of the burden of ensuring device security falls on the healthcare providers, the collaboration between device manufacturers and security vendors is a critical component to assist healthcare providers,” said Daniel Regalado, principal security researcher at Zingbox and co-author of Gray Hat Hacking. “I commend the quick actions by the device manufacturers, which enable us to share additional details regarding this vulnerability and educate the industry on the latest cyber threats.”

The research provides details on how a telepresence robot can initially be targeted by intercepting firmware updates or gaining access via remote hacking. In addition to the theft of sensitive data, the report also details how a hacker can gain access to video recordings.

For more details, the full report is available here.