Hacked surgical robot reveals security flaws

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.punemirror.in/others/scitech/Hacked-surgical-robot-reveals-security-flaws/articleshow/47205071.cms

To make cars as safe as possible, we crash them into walls to pinpoint
weaknesses and better protect the people who use them. That's the idea
behind a series of experiments conducted by a University of Washington team
which hacked a next generation tele-operated surgical robot - one used only
for research purposes - to test how easily a malicious attack could hijack
remotely controlled operations in the future and make those systems more
secure.

Real world tele-operated robots, which are controlled by a human who may be
in another physical location, are expected to become more commonplace as
the technology evolves. They're ideal for situations that are dangerous for
people: fighting fires in chemical plants, diffusing explosive devices or
extricating earthquake victims from collapsed buildings.

Outside of a handful of experimental surgeries conducted remotely, doctors
typically use surgical robots today to operate on a patient in the same
room using a secure, hardwired connection. But telerobots may one day
routinely provide medical treatment in underdeveloped rural areas,
battlefield scenarios, Ebola wards or catastrophic disasters happening half
a world away.

In two recent papers researchers demonstrated that next generation
teleoperated robots using nonprivate networks - which may be the only
option in disasters or in remote locations - can be easily disrupted or
derailed by common forms of cyberattacks. Incorporating security measures
to foil those attacks, the authors argue, will be critical to their safe
adoption and use.

"We want to make the next generation of telerobots resilient to some of the
threats we've detected without putting an operator or patient or any other
person in the physical world in danger," said lead author Tamara Bonaci.

ATTACKING SURGICAL ROBOTS

To expose vulnerabilities, the team mounted common types of cyberattacks as
study participants used a teleoperated surgical robot developed for
research purposes to move rubber blocks between pegs on a pegboard.

By mounting "man in the middle" attacks, which alter the commands flowing
between the operator and robot, the team was able to maliciously disrupt a
wide range of the robot's functions - making it hard to grasp objects with
the robot's arms - and even to completely override command inputs. During
denial-of-service attacks, in which the attacking machine flooded the
system with useless data, the robots became jerky and harder to use.

In some cases, the human operators were eventually able to compensate for
those disruptions, given the relatively simple task of moving blocks. In
situations where precise movements can mean the difference between life and
death - such as surgery or a search and rescue extrication - these types of
cyberattacks could have more serious consequences, the researchers believe.

With a single packet of bad data, for instance, the team was able to
maliciously trigger the robot's emergency stop mechanism, rendering it
useless.

Encrypting data packets that flow between the robot and human operator
would help prevent certain types of cyberattacks. But it isn't effective
against denial-of-service attacks that bog down the system with extraneous
data. With video, encryption also runs the risk of causing unacceptable
delays in delicate operations.

The team is also developing the concept of "operator signatures," which
leverage the ways in which a particular surgeon or other teleoperator
interacts with a robot to create a unique biometric signature.

By tracking the forces and torques that a particular operator applies to
the console instruments and his or her interactions with the robot's tools,
the researchers have developed a novel way to validate that person's
identity and authenticate that the operator is the person he or she claims
to be.

Moreover, monitoring those actions and reactions during a telerobotic
procedure could give early warning that someone else has hijacked that
process.

"Just as everyone signs something a little bit differently and you can
identify people from the way they write different letters, different
surgeons move the robotic system differently," Chizeck said. "This would
allow us to detect and raise the alarm if all of a sudden someone who
doesn't seem to be operator A is maliciously controlling or interfering
with the procedure."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!