aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#39: Remote Firmware Upgrade in Alpha 1S As #39

Open aliasbot opened 6 years ago

aliasbot commented 6 years ago
{
    "id": 39,
    "title": "RVD#39: Remote Firmware Upgrade in Alpha 1S As",
    "type": "vulnerability",
    "description": "It is possible to remotely upgrade the Alpha 1S firmware by sending an undocumented command through Bluetooth. Furthermore, binaries from UBTech are not cryptographically signed, in consequence, they could be replaced by malicious files that change the normal behaviour of the robots.\r\nThe following code from the EngineUpdateManager function on the Alpha 1S Android App downloads and installs an update file on the remote robot without checking the update's cryptographic integrity and authenticity. It is possible to upgrade its firmware by sending a special Bluetooth command and new firmware data. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
    "cwe": "CWE-Download of Code Without Integrity Check (CWE-494)",
    "cve": "None",
    "keywords": [
        "malformed",
        "robot",
        "robot: Alpha 1S",
        "severity: critical",
        "state: new",
        "vendor: UBTech Robotics",
        "vulnerability"
    ],
    "system": "Alpha 1S",
    "vendor": "UBTech Robotics",
    "severity": {
        "rvss-score": "None",
        "rvss-vector": "RVSS:1.0/AV:L/AC:L/PR:N/UI:N/Y:T/S:C/C:H/I:H/A:N/H:H",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/39"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2017-03-01",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2017-03-01",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/39",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}
github-actions[bot] commented 4 years ago

Feedback (automatically generated):

Please review the feedback above. Once addressed, request the removal of the malformed label to trigger another automatic review.

Kersrenox commented 2 years ago

Good morning, how are you? I have an Alpha 1S robot from UBTech, but it doesn't work via Bluetooth. While researching, I saw that it looks like it's from a batch that was modified to work with a 433MHz RF module. I wanted to ask for your help: is there any way to change this configuration and reactivate the operation via Bluetooth? I don't have much knowledge in this area, but I appreciate whatever you can help me with.