RVD icon indicating copy to clipboard operation
RVD copied to clipboard

Published 20 hours ago verified publisher icon aliasrobotics

RVD#39: Remote Firmware Upgrade in Alpha 1S As

Open aliasbot opened this issue 7 years ago • 3 comments 

{
    "id": 39,
    "title": "RVD#39: Remote Firmware Upgrade in Alpha 1S As",
    "type": "vulnerability",
    "description": "It is possible to remotely upgrade the Alpha 1S firmware by sending an undocumented command through Bluetooth. Furthermore, binaries from UBTech are not cryptographically signed, in consequence, they could be replaced by malicious files that change the normal behaviour of the robots.\r\nThe following code from the EngineUpdateManager function on the Alpha 1S Android App downloads and installs an update file on the remote robot without checking the update's cryptographic integrity and authenticityIt is possible to upgrade its firmware by sending a special Bluetooth command and new firmware data. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
    "cwe": "CWE-Download of Code Without Integrity Check (CWE-494)",
    "cve": "None",
    "keywords": [
        "malformed",
        "robot",
        "robot: Alpha 1S",
        "severity: critical",
        "state: new",
        "vendor: UBTech Robotics",
        "vulnerability"
    ],
    "system": "Alpha 1S",
    "vendor": "UBTech Robotics",
    "severity": {
        "rvss-score": "None",
        "rvss-vector": "RVSS:1.0/AV:L/AC:L/PR:N/UI:N/Y:T/S:C/C:H/I:H/A:N/H:H",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/39"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2017-03-01",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2017-03-01",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/39",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}

aliasbot avatar Aug 21 '18 14:08 aliasbot

Feedback (automatically generated):

  • FIXME: Flaw not identified as a vulnerability, weakness or exposure. Have you included # Vulnerability (or Weakness or Exposure) report at the top of the ticket?, see Vulnerability report template for more information or review other tickets to get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

github-actions[bot] avatar Oct 27 '19 17:10 github-actions[bot]

Feedback (automatically generated):

  • FIXME: Robot or Robot component not present in summary table or invalid, see Vulnerability report template for more information or review other tickets and get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

github-actions[bot] avatar Oct 29 '19 13:10 github-actions[bot]

Good morning, how are you? I have an Alpha 1S robot from Ubtech, but it doesn't work via bluetooth, researching I saw that it looks like it's a batch that was modified to work on a 433MHz RF module, I wanted to ask for your help, if there was any way to change it this configuration and reactivate the operation via bluetooth, I don't have much knowledge in this area, but I appreciate what you can help me with.

Kersrenox avatar Jun 18 '22 11:06 Kersrenox