Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Robotics Medicine Security

Researchers Mount Cyberattacks Against Surgery Robot 55

An anonymous reader writes: A group of researchers from University of Washington have tested the security of a teleoperated robotic surgery system created by their colleagues, and have found it severely lacking. "Teleoperated surgical robots will be expected to use a combination of existing publicly available networks and temporary ad-hoc wireless and satellite networks to send video, audio and other sensory information between surgeons and remote robots. It is envisioned these systems will be used to provide immediate medical relief in under-developed rural terrains, areas of natural and human-caused disasters, and in battlefield scenarios," the researchers noted, and asked: "But what if these robotic systems are attacked and compromised?"
This discussion has been archived. No new comments can be posted.

Researchers Mount Cyberattacks Against Surgery Robot

Comments Filter:
  • never underestimate people's capacity to be mind-glowingly evil...
    it seem's they have this thought in mind

    • *blowingly

    • never underestimate people's capacity to be mind-glowingly evil... it seem's they have this thought in mind

      Or overestimate the risk. Just think how many easy ways there are to rig something or randomly poison something and do great harm to people, yet it rarely happens the 'sneaky' way. More often someone will blatantly cause harm and to others and often themselves as well. I think for many the risk of getting caught doing something that evil via hacking is likely a deterrent as well. It certainly would bring pretty harsh penalties.

      I'm not saying we shouldn't take reasonable steps to prevent these risks, just

      • by zerro ( 1820876 )

        But to commit intentional murder or violence in a conventional way (usually) requires you to be present in the jurisdiction where the crime occurred, so at least in this new arena, it's entirely conceivable that an "attacker" (literally) could cause bodily injury, even death, without setting foot into any jursidiction where they have the "risk" of being apprehended or even extradited. ... that is, if you can even determine who the attacker was, or even if you can distinguish that there was a malicious actor

      • by cusco ( 717999 )

        The old saying of, "Never automatically credit to malevolence when stupidity or ignorance is is equally likely." If you can disable or misdirect the tool on purpose, it's likely that it can also be done by accident. In its day having your web site SlashDotted could be more destructive than an organized DOS attack, more than one web server was brought to its knees by being linked to in a SlashDot thread.

      • The evil I refer to is the idea of taking pains to commit random, motiveless murder of a helpless innocent victim for no reason other than to do it.

        Most murders have a highly relevant and particular motive to the murderer. Even terrorism has a motive, but to achieve that motive it must have a broad reach. Hacking a medical connection to kill one person won't achieve that.

        Yet surely, someone would do it just to prove they can.

        You might say a terrorist would want to do it many times over because that would be

        • Well, if they chose to attack a person using such a method then the punishment should fit the crime...
          They get a dangerous and unnecessary surgery of their very own...
          via dialup...
          with no firewall...
          using a system running Windows ME...

          That last one might be a step too far. (damn, I ran out of ellipsis!)
  • ...has already thought about this.
  • No excuse for this (Score:3, Interesting)

    by davidwr ( 791652 ) on Tuesday April 28, 2015 @01:25PM (#49571277) Homepage Journal

    You can't completely prevent your communication going down due to malice, accident, or acts of nature. When those fail you have to have a backup plan such as going into a failsafe mode.

    BUT You can and must detect interference and either correct for it or treat it like a total communications failure. There is no excuse for being fooled into taking instructions from an unauthorized party (well, unless the instruction is "you think I'm hacking your communications but I'm really doing a side-channel attack to trick you into doing what you normally do when you lose communications, now obey me and do what you normally do when your communications are hosed, thank you.").

  • by itzly ( 3699663 )

    Even with a secure link it's possible to overload the network with a denial of service attack.

    • Sure - but the implications of the robot going "dead" halfway through a surgery are much less severe than someone suddenly hijacking the signal and switching to "blender mode". A dead 'bot is still a problem, but you probably have on-site staff capable of at least attempting to stabilize the patient.

      • by itzly ( 3699663 )

        Sure, but a DoS attack is much easier to perform, much harder to resist, and can be continued for a long time. If you're halfway during a transplant, you can't really afford to wait.

        As for the rest of the stuff, you could simply run the connection through a VPN. That's probably smarter than trying to reinvent security protocols.

  • Great that they are thinking about security on the device long before they are implemented... but, I would think that it would be way more important to think about the connection these things are communicating over first...
     
    Seems to me that battlefield and rural areas would have the least reliable network connection possible. I would think that the bar would need to be raised in this area before SURGERY could be accomplished.

    • by itzly ( 3699663 )

      Depends... if somebody's critically wounded on the battlefield, and there's no local surgeon available, a 80% chance of a successful remote surgery is better than none.

    • Well, you probably have a local surgeon who could attempt the operation - the robot simply allows a specialist to do the job instead. If the datalink drops out the local surgeon can take over - it may drop the patient's recovery chances considerably, but nothing compared to having a scalpel-wielding robot suddenly go berserk on their innards.

      Also, did you miss the part where they said satellite links are one of the options? Probably the ONLY real option in the aftermath of a major natural disaster. And ba

  • And you thought _gamers_ complain about lag time on public networks. What about a robot with a knife in someone? Add to that the unreliability of battlefield network connections? This is not giving me the warm fuzzies...
  • Pay for real IT security staff. $250,000 a year each is a starting wage for Good ones. Until you do so you will have problems.

    WE need to stop with this bullshit of trying to get security without paying for it. Tell these morons, DUH! you refuse to pay for it. until they understand.

  • The attack will come from within.

  • This sounds like the perfect vehicle for the cloak-and-dagger set to eliminate high-value targets while they are most vulnerable. That frightens me quite a bit.
  • First they're doing surgery, then they're asking to join Starfleet. When does it end?
  • Why bother hacking into a single robot when comm links are fragile and you can bring everything down?
  • As an example, it's very hard to get any MDs or nurses in some of the emptier remote parts of WA, BC, and ID, and at times, even if you could drive it, it's 50-100 miles to the nearest hospital over mountain passes with a heck of a lot of snow where I grew up. Some days the highway won't reopen for a week.

    So something like this is way more important than you might realize.

    Links aren't that fragile in many of these remote areas, as a lot of our power generation is going on there, so you can piggyback on the

    • And again. It's not just the doctor that you can't get in rural areas. It's the nurse, the anesthetist, the OR tech, the OR, the pieces parts, the blood bank, the ventilator, etc. Surgery is a whole package. It is much safer to get the patient out to an institution that does the procedure on a regular basis than to try to hack through a treatment that the staff hasn't done in a year. Not everything goes right. Sometimes you want another specialist to help when surgical misadventures arise. Until the

      • Actually, the UW surgical robot is the one you see in the space training sequences of certain SF movies. Ender's Game specifically.

        It actually exists.

  • Look at where and when they plan to use these. It sounds like they intend them for situations where a live doctor is not available. If they use it in 10 emergencies, 1/2 of the time it is succesful and 1/2 of the time it is hacked then that's 5 lives saved that would have died and 5 lost that would have died anyway.

    Don't get me wrong, these things should be secured and the goal should be to save all 10. But.. no use letting the 5 lucky ones die just because it isn't ready yet!

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...