Surgical robot makers are just as good at security as the rest of the world - ie, hopeless - according to University of Washington infosec boffins.
The researchers targeted a product of their own university's research, a telesurgery unit called the Raven II, and among other things found an exploitable safety mechanism in the device.
Since the robot is designed to be remotely controlled over the Internet, it needs a failsafe in case a surgeon commands a dangerous movement – moving the arm too fast, or into an unsafe position. If that happens, the system gets halted in what's called a “software E-stop”.
All that's needed, however, is for an an attacker to send a single packet giving a dangerous instruction and the E-stop will be invoked; and if the attacker hoses the robot with lots of malicious packets, they can “stop the robot from ever being properly reset, thus effectively making a surgical procedure impossible”.
Raven II: telesurgery for hackers. Image: University of Washington
Their paper, at Arxiv, shows off a bunch of other amusing vulnerabilities. The robot can be hijacked by fooling around with TCP/IP sequence numbering; this makes the device think there have been lost packets between surgeon and robot, and it establishes a new session with the attacker.
A man-in-the-middle attacker can also change the contents of surgeon's packets, giving the robot new instructions (a “surgeon's intent modification” attack).
Getting the network to drop lots of the surgeon's instruction packets makes the robot's motion “delayed and jerky”, the researchers write, and a similar impact also comes from intercepting the surgeon's instructions and forwarding the packets in the wrong order.
Unsurprisingly, the simplest way to defeat these attacks is to sling all traffic between surgeon and robot over an encrypted tunnel – a VPN, if
idiot legislators politicians don't ban such things – so that an attacker can't fool around with the traffic.
However, putting robots in charge of life-and-death applications isn't somewhere that security after-the-fact is a great idea. ®