April 23rd, 2014

0day in WowWee Rovio Robot

You can’t use it in your plot to take over the world with remote control robots yet, but there’s a new 0day in the WowWee Rovio that will allow remote snooping of the audio/video data that comes from the robot. Other things you can do remotely are get configuration data, update the firmware, and send things to the speaker. It looks like the Rovio is a fancy robotic pseudo-telepresence toy for your dog.

From the advisory text:

Unfortunately, Rovio’s access control mechanisms (username/password) are not
completely utilized across the platform even when enabled. Certain URLs and
RTSP Streaming capabilities of the device are accessible with no
authentication. Furthermore, deployment of the device in the default
configuration attempts to use UPnP to automatically configure your firewall to
allow external access to the mobile webcam platform.

Fun stuff.

2 Responses to '0day in WowWee Rovio Robot'

  1. John
    April 23rd, 2009 at 7:54 am

    Looks like at least the RTSP hole is closed with Rovio's latest firmware version 5.

  2. Deborah
    February 8th, 2012 at 3:04 pm

    Hello, I am taking the liberty of contacting you through this blog because I am currently producing a report for the magazine 100% Mag (M6) on domestic robots, and in that context I am looking for Rovio users. Did you end up buying one? And if so, would you be interested in taking part in a report to show us your robot? Thank you!
