Open
Description
{
"id": 39,
"title": "RVD#39: Remote Firmware Upgrade in Alpha 1S As",
"type": "vulnerability",
"description": "It is possible to remotely upgrade the Alpha 1S firmware by sending an undocumented command through Bluetooth. Furthermore, binaries from UBTech are not cryptographically signed, in consequence, they could be replaced by malicious files that change the normal behaviour of the robots.\r\nThe following code from the EngineUpdateManager function on the Alpha 1S Android App downloads and installs an update file on the remote robot without checking the update's cryptographic integrity and authenticityIt is possible to upgrade its firmware by sending a special Bluetooth command and new firmware data. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Download of Code Without Integrity Check (CWE-494)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: Alpha 1S",
"severity: critical",
"state: new",
"vendor: UBTech Robotics",
"vulnerability"
],
"system": "Alpha 1S",
"vendor": "UBTech Robotics",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:L/AC:L/PR:N/UI:N/Y:T/S:C/C:H/I:H/A:N/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/39"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/39",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}