Once limited to the realm of science fiction, robotics now plays a vital role in many industries, including manufacturing, agriculture, and even medicine. Despite this, the kind of robot that interfaces with people directly - outside of the occasional toy or vacuum - threatens to remain an inhabitant of fiction for the foreseeable future. Teleconference robots, a rapidly growing niche, may help make that fiction a reality. Robots such as these have found use in consumer, enterprise, retail, and even medical environments, and some are even capable of autonomous movement. It’s precisely these features, however, that make them a valuable target for hackers. Unlike a simple camera exploit, compromising such a device would grant an attacker mobility in addition to audio/video, greatly increasing their ability to spy on victims in the most private of situations - their homes, medical appointments, or workplaces.
Not knowing when to quit, McAfee Advanced Threat Research uncovered four 0-day vulnerabilities in a popular teleconference robot. We’ll show how an attacker armed with nothing besides the victim’s phone number could exploit these vulnerabilities to intercept or join an existing call, gain access to the robot’s camera and microphone, and even achieve “owner” privileges, granting the ability to remotely control the robot - all with zero authentication.
Bio:
Mark Bereza is a security researcher and new addition to McAfee's Advanced Threat Research team. A recent alumnus of Oregon State's Computer Science systems program, Mark's work has focused primarily on vulnerability discovery and exploit development for embedded systems. Mark previously presented at DEFCON 27, less than 6 months after graduating college.