Vulnerability

    AIBO Robots

Affected

    - AIBO ERS-110 Aperios OS
    - AIBO ERS-111 Aperios OS

Description

   WARNING: I know that some people will take this seriously, so DON'T!

    Jamie  Rishaw "found" following.   A  vulnerability  involving the
    Visual authentication  algorithm has  recently been  identified in
    the Sony, Inc. "AIBO" Entertainment Robot.  Owners of AIBO  Robots
    are encouraged to upgrade their Aperios DogOS soon as possible.

    The AttackBite() control has  a serious vulnerability that  allows
    remote intruders within earshot of AIBO to execute arbitrary code.
    Scripts  are  proliferating  the  Internet  with new routines such
    as       PeeOnRug(),       ShoeChew(),       KillTheCat()      and
    AttackOwnersGenitals().   The  latter,  classified  by  CERT  as a
    "Denial of Service" attack, is  most vicious, and for this  reason
    CERT  encourages  immediate  patch  implementation.   Some  common
    cicrumstances under which this vulnerability can be exploited  are
    addressed by the Sony patch; others are not.

    There are at least  three distinct vulnerabilities in  the ERS-110
    and ERS-111 implementation of the Aperios software.  All of  these
    vulnerabilities may  be exploited  to effect  Quicker-Picker-Upper
    and Owner  Discomfort attacks  with varying  degrees of  severity.
    Owners are advised, until  patch completion, to guard  themselves,
    and to have extra paper towels on hand.

    - The  AIBO  Sound  Controller,  when  configured to play  Britney
      Spears' "Oops, I Did It Again,"  will cause AIBO to lift a  hind
      leg  and  spontaneously  leak   battery  juice  on  the   floor,
      simulating  a  urination  (female  ERS-110 models "squat" during
      this exploit).

    - The  buffer used  to hold  the variable  MyOwner in the function
      process_face()   can   be   overflowed,   reverting   AIBO  into
      experimental AiboPitBull  code.   When combined  with the  Sound
      Controller's Performance Mode  signal, unpatched AIBO  units can
      receive  arbitrary   code,  and   multiple  reports   of   owner
      emasculation have been reported.

    - (Unverified) Owners who accidentally have left their  television
      on late at night have reported incidents of AIBO attacking their
      small children  and pets  within minutes  of the  airing of "Tom
      Vu's Real Estate Seminar," The Story of A Vietnamese Immigrant's
      rags-to-riches Infomercial.

    - Two reports have been submitted where a race condition involving
      Tom Vu's Real  Estate Seminar and  presence of Richard  Simmons'
      "Farewell to Fat" have caused AIBO units to "die".

    Depending on the version of  AIBO, the environment in which  it is
    running, and  the particular  vulnerability that  is exploited,  a
    remote attacker can cause one or more of the following:

        - The AIBO to attack its owner,
        - The  AIBO  to  wake,  walk  off its base station and  attack
          children/pets,
        - The AIBO to generate Cyber-Body-Fluid and/or Excretion, and/or
        - The AIBO to die.

Solution

    Upgrade your version  of AIBO Aperios  DogOS.  If  you are running
    vulnerable Aperios  and cannot  upgrade, you  are strongly advised
    to remove  the battery  from AIBO's  behind and  contact Sony  for
    more assistance.

    "CERT" and  "CERT Coordination  Center" had  absolutely nothing to
    do with this advisory, and do not support it.  It's a parody.