Critical vulnerabilities found in Aethon TUG smart autonomous mobile robots could give a remote attacker control over the device. (Photo credit: "U.S. Navy Doctors, Nurses and Corpsmen Treat COVID Patients in the ICU Aboard USNS Comfort" by NavyMedicine is marked with CC PDM 1.0.)

A group of five critical zero-day vulnerabilities found in Aethon TUG smart autonomous mobile robots could give a remote attacker control over the device and its console, according to new research from Cynerio. The findings have been dubbed JekyllBot:5 and were responsibly disclosed to Aethon.

The Cynerio Live research team examined the Aethon TUG robots, which are used in hundreds of global hospitals to deliver medications and maintenance supplies, in addition to performing simple manual labor and other uncomplicated tasks.

The flaws were discovered during a deployment on a customer hospital, when a researcher detected anomalous network traffic “that seemed related to the elevator and door sensors.”

The discovery uncovered a connection from the elevator to a server with an open HTTP port, which gave the researcher access to a company web portal that contained information on both the hospital and the robot itself, including images and videos of the hospital.

The most critical flaw, CVE-2022-1070, is ranked 9.8 in severity. The “product does not adequately verify the identity of actors at both ends of a communication channel, nor does it adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.”

As a result, a successful exploit would allow an unauthenticated attacker to connect to the TUG Home Base Server web socket and take control of the device.

The CVE-2022-1066 and CVE-2022-26423 vulnerabilities are both ranked 8.2 in severity and caused by the device failing to perform an authorization check when an actor attempts to access a resource or perform an action.

A successful exploit of either flaw would enable an unauthenticated actor to arbitrarily add new users with admin privileges, delete or modify existing users, and/or freely access hashed user credentials.

The final two flaws, CVE-2022-27494 and CVE-2022-1059, are ranked 7.6 in severity and caused by the software failing to or incorrectly neutralizing “user-controllable input before it’s placed in output,” used as a web page for other users.

These flaws leave the Fleet Management console’s ‘reports’ and ‘load’ tabs vulnerable to cross-site scripting attacks when creating or editing new reports.

JekyllBot is found within the TUG Homebase Server’s JavaScript and API implementation and a websocket. These elements rely on absolute trust to perform commands, spotlighting the major security issue at the core of the robots’ operating system.

“The security components underpinning Aethon Tug devices were located in the JavaScript running in the browser of the user connected to their portal,” according to the report. “This meant that all security measures in place for these devices could be bypassed… and every action Cynerio researchers subsequently tested were not validated or checked by the system.”

The concern is that these robots “are able to access otherwise restricted areas of the hospital,” given its collection of sensors and cameras able to move without human interaction.

Cynerio has worked closely with Aethon to ensure the latest firmware included patches and fixes for these flaws, long before releasing the report detailing the potential impacts.

The report details the range of activities the researchers were able to perform upon exploiting the flaws. As previously discussed, vulnerability disclosures are crucial to understanding existing security gaps in the healthcare setting, but the most likely and relevant attack methods are those an attacker could perform at scale.

For the JekyllBot:5, the most pressing risk is that it could enable a threat actor to exploit the flaw to access medical records, disrupt tasks, and “hijack legitimate administrative user sessions in the robots’ online portal and inject malware through their browser to perpetuate further cyberattacks.”

Overall, it’s important to note that these flaws could be exploited over the network and internet, requiring a low skillset, no privileges, and no interaction. The research found the robots mostly likely don’t allow security agents to be installed, so the only mitigation would be to apply the updates or completely reconfigure the devices’ operating system.

As such, all hospitals using the impacted robots are being urged to apply the latest patch with the updated firmware to prevent an exploit. Cynerio also recommends ensuring no external internet activity is enabled on the device, while segmenting their network to restrict access if an exploit occurs.