The discovery that some robot “friends” increasingly used in senior living communities can be vulnerable to cyberattacks is “a reminder of how important vulnerability assessment programs are for all technology companies,” according to Brian McWade, chief technology officer for Connected Living.
Earlier this month, McAfee’s Advanced Threat Research team revealed that it was able to remotely access Robotemi Global’s Temi personal robots, allowing mobile, audio and video tampering.
Through a partnership, Massachusetts-based Connected Living uses its technology in the robots, which Connecticut-based Maplewood Senior Living introduced into 15 communities in five states earlier this year. The interactive machines come with pre-configured tablets, Alexa-enabled skills, a TV channel with programming designed for residents, and a smartphone app to help seniors stay connected with their families.
Over three months, the McAfee security team tested the robots and found four separate vulnerabilities that could be used maliciously to spy on video calls, intercept calls intended for another user or remotely operate the robot, all without authentication.
“The vulnerabilities discovered in Temi now provide them a way to gather information about the internal operations of the business without needing to crack the well implemented business network or physical security,” researchers from the computer security software company wrote.
McAfee reported its findings to Robotemi Global on March 5. Together, they worked to adopt mitigations and successfully patched the vulnerabilities on July 15.
Connected Living’s McWade told McKnight’s Senior Living that the company became aware of the issue when it was announced by McAfee. He said McAfee worked with Temi confidentially and cooperatively to fix the security issues, and McAfee has approved Temi’s security mechanism as a “mature and reliable product.”
McWade said the main takeaway for Connected Living is that Temi worked proactively with McAfee to make the platform less vulnerable to hackers.
“This is a reminder of how important vulnerability assessment programs are for all technology companies,” he said. “Having processes in place to identify and fix possible / future vulnerabilities is crucial.”
Maplewood IT Director Tom Caprio said the company “has not experienced any of these vulnerabilities at our locations.”
“The issues addressed in the report were identified and alleviated by the Temi team back when they were discovered, before the robots were deployed within our communities,” he told McKnight’s Senior Living. “We continue to work closely with Robotemi to ensure our technology stays up to date and to get ahead of any potential concerns before they happen.”
McAfee commended Robotemi Global for being one of the “most responsive, proactive and efficient” companies with which it has worked.
“While we take seriously our obligation to inform vendors of our findings in a timely and responsible fashion, it is only through cooperation that the best results are possible. Our partnership with Robotemi on addressing these vulnerabilities was a perfect example of this,” said Steve Povolny, head of advanced threat research at McAfee. “They responded quickly to our private disclosure report, outlined to us their plans for mitigation and an associated timeline, and maintained a dialogue with us throughout the whole process. We even received feedback that they have further emphasized security in their products by approaching all development discussions with a security-first mindset as a result of this disclosure. The ultimate result is a product that is more secure for all who use it.”
Temi interacts with Maplewood residents via autonomous navigation, including 3-D mapping, navigation, user detection and tracking, obstacle avoidance and path planning; dynamic video, audio and artificial intelligence. The robots cruise around the communities, interacting with residents, and have become part of the fabric of each community now, Geyser said.
According to Connected Living, the virtual learning and engagement opportunities offered include live-streamed religious services, entertainment, education, and art and music therapy, including live concerts, lectures and virtual tours of museums and art galleries. The devices also can offer programming to reduce stress and anxiety, including guided meditation and yoga. Independent programming to keep residents engaged in their rooms or apartments includes reading materials, crossword puzzles, Sudoku, online trivia and gaming resources.
The robots also can connect residents with telehealth services.