Researchers analyzing anomalies in network traffic coming from a hospital elevator followed the trail to an unsecure TUG Home Base server, which is used to monitor and manage the Aethon TUG robots used by the hospital. The researchers found five separate security issues and attack vectors in the server and dubbed them JekyllBot:5. The issues included three exposed communication interfaces, one exposed web-based API, and one exposed WebSocket interface. If hackers were to exploit these vulnerabilities, they could assume full control of the robots, which are deployed to haul food, medication, lab specimens, and other supplies across facilities.
