Surgical robots -- smart but insecure

Replacing a hacked credit card is an annoyance. Rebuilding a hacked identity can be a time-consuming and expensive headache.

But the potential damage from a hacked surgical robot makes those and just about every other threat trivial by comparison: It could threaten your life.

And that made a recent set of hacking demonstrations by a team of researchers from the University of Washington (UW) more than a bit unsettling, undermining some of the promise that remotely controlled surgical robots can bring to medical care -- delivering top-tier surgical expertise anywhere in the world.

The team reported in a recent paper that it was able to hack into the control system of the Raven II surgical robot, developed by UW and the University of Santa Cruz, and disrupt the directions from the surgeon.

Through vulnerabilities in the communications technology involved in telesurgery, they were able to launch several types of attacks and cause problems ranging from "jerky motion of robot's arms," modifying the instructions from the surgeon and even a complete takeover of the robot.

[ ALSO: Robots As the Next Big Industry? ]

The Raven II, designed to reduce the size of such robots while improving their durability so they can be used in extreme environments such as battlefields, has two arms that a surgeon controls from a console that includes video and haptic (tactile) feedback.

But, as the researchers noted, the robot software is based on open-source standards, such as Linux and the Robot Operating System, and communicates with the console over public, and in some cases wireless, networks, which are notoriously insecure.

"Due to the open and uncontrollable nature of communication networks, it becomes easy for malicious entities to jam, disrupt, or take over the communication between a robot and a surgeon," wrote lead author Tamara Bonaci and her five colleagues.

"We are able to easily stop the robot from ever being properly reset, thus effectively making a surgical procedure impossible," they wrote, also noting that the video connection was publicly available, allowing almost anybody to watch the operation in real time. (Also read: How Dangerous Could a Hacked Robot Possibly Be?)

The paper prompted a flurry of stories in the trade press. But some experts, while acknowledging the vulnerabilities and that the demonstration attacks are credible, say it should not cause panic -- they don't think this means every remote, robotic procedure is a catastrophe waiting to happen.

"Hacking anything is possible," said Lance Spitzner, research and community director for SANS Securing The Human. "But healthcare has a lot of bigger security issues than this."

Andrew Ostashen, senior security engineer at Redspin, had a similar take. While he believes, "the medical device community needs to act quickly to prevent these devices from falling even farther and farther behind in security," he also believes their benefits outweigh the risks.

So does Martin Fisher, director of information security at Wellstar Health System. "If there's a 5% chance of the device being hacked and you die, and a 95% chance of you dying without the treatment the device provides, which one are you going to take?" he asked.

And for now, these are only theoretical questions anyway, according to Danny Lieberman, CTO of Software Associates. "The Raven is an open-source research project, which is not cleared for commercial use by the FDA," he said, adding that if it were submitted to the FDA for clearance, "it would go through a very thorough safety and security review."

That would be a good thing, other experts say, since they believe it is crucial to address the vulnerabilities now, since the chances of attacks could increase in the future.

"Today this (hacking telesurgery) is probably unlikely," said Eric Cowperthwaite, vice president, advanced security and strategy at Core Security. "But I think it is important that we remember that what seems unlikely or not feasible today may become quite real tomorrow.

"Bad guys have already demonstrated that healthcare is a target, both for data theft and blackmail," he said. "So, a vulnerable telesurgery system could be used for blackmail, very easily."

Indeed, it raises the question of why there is not more attention paid to security when designing sophisticated surgical devices that use the public Internet. Yes, every "smart" technological device or system -- the smartphone, smart home, smart car etc. -- has been proven vulnerable to hacks used for espionage, theft of personal information or money, or blackmail.

But most of those attacks don't carry life-or-death risks.

When it comes to addressing the vulnerabilities, there is general agreement that the open-source component of the system is not the major problem.

"Open source means more eyeballs and that is good -- very good," Lieberman said.

Cowperthwaite agrees in general, that, "there are many great reasons why it should be used, including the ability to detect and remediate vulnerabilities within open source very quickly." He also said it is here to stay. "Open-source code has conquered the world," he said.

"But at the same time, we see clearly that vulnerabilities within open source can have extremely broad impact. Just think about Heartbleed, for example."

Ostashen has the same concern. "Open-source software allows the community to test for security vulnerabilities, but also allows the black hat community access to the source code, which in turn they can develop exploits," he said.

As is the case in every digital device, there is no way to make it 100% secure, but experts say there are a number of ways to improve it significantly.

The UW research team recommended encrypting data to and from the Raven II, along with better authentication, to prevent packet spoofing attacks, which they said would provide, "low-cost and high benefits to telerobotic surgery, mitigating many analyzed attacks."

But encryption does not prevent man-in-the-middle attacks.

Cowperthwaite believes, "better authentication is the key. Require digital certificates on both sides be exchanged to authenticate that each side is real," he said.

"Second, require TLS encryption of control sessions, etc. Third, healthcare simply has to get better at security generally," he said. "The Premera, CareFirst, Anthem and CHS attacks are not inspiring confidence right now."

Ostashen recommended that devices designed for remote, online surgery should, "have their own networks segregated from the corporate network to ensure the proper entities are the ones only accessing them.

"An example would be having technology in place to detect anomalies like malware or unauthenticated access to the network," he said. "If a surgeon is remote accessing these devices, implement VPN with two-factor authentication as well as IP whitelisting so that the surgeon has to access it from a secure dedicated location every time."

And there is unanimous agreement that even current security risks are far outweighed by the benefits of remote surgery.

"Regardless of the security risk, tele-medicine, including remote, robotic surgery, is going to bring about a massive improvement in the healthcare delivered in remote and undeveloped locations," Cowperthwaite said.

"It would be very short-sighted to deny dramatic improvements in healthcare because we cannot provide 100% security."

Join the CSO newsletter!

Error: Please check your email address.

Tags hacktivismUniversity of Washingtonrobotics21health careindustry verticals

More about LanceLinuxSoftware Associates

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts