Surgical robots – smart but insecure

surgical robot

A da Vinci Surgical System at Addenbrooke's Treatment Centre during the 2015 Cambridge Science Festival.

Credit: Cmglee

Remote surgical robotics offers the promise of bringing the best medical expertise anywhere in the world. But, so far, it can also be risky business, as a team of researchers demonstrated in a series of hacks


Replacing a hacked credit card is an annoyance. Rebuilding a hacked identity can be a time-consuming and expensive headache.

But the potential damage from a hacked surgical robot makes those and just about every other threat trivial by comparison: It could threaten your life.

And that made a recent set of hacking demonstrations by a team of researchers from the University of Washington (UW) more than a bit unsettling, undermining some of the promise that remotely controlled surgical robots can bring to medical care – delivering top-tier surgical expertise anywhere in the world.

The team reported in a recent paper that it was able to hack into the control system of the Raven II surgical robot, developed by UW and the University of Santa Cruz, and disrupt the directions from the surgeon.

Through vulnerabilities in the communications technology involved in telesurgery, they were able to launch several types of attacks and cause problems ranging from “jerky motion of robot’s arms,” modifying the instructions from the surgeon and even a complete takeover of the robot.

[ ALSO: Robots As the Next Big Industry? ]

The Raven II, designed to reduce the size of such robots while improving their durability so they can be used in extreme environments such as battlefields, has two arms that a surgeon controls from a console that includes video and haptic (tactile) feedback.

But, as the researchers noted, the robot software is based on open-source standards, such as Linux and the Robot Operating System, and communicates with the console over public, and in some cases wireless, networks, which are notoriously insecure.

lance spitzner

Lance Spitzner, research & community director, SANS Securing The Human Program

“Due to the open and uncontrollable nature of communication networks, it becomes easy for malicious entities to jam, disrupt, or take over the communication between a robot and a surgeon,” wrote lead author Tamara Bonaci and her five colleagues.

“We are able to easily stop the robot from ever being properly reset, thus effectively making a surgical procedure impossible,” they wrote, also noting that the video connection was publicly available, allowing almost anybody to watch the operation in real time. (Also read: How Dangerous Could a Hacked Robot Possibly Be?)

The paper prompted a flurry of stories in the trade press. But some experts, while acknowledging the vulnerabilities and that the demonstration attacks are credible, say it should not cause panic – they don’t think this means every remote, robotic procedure is a catastrophe waiting to happen.

“Hacking anything is possible,” said Lance Spitzner, research and community director for SANS Securing The Human. “But healthcare has a lot of bigger security issues than this.”

Andrew Ostashen, senior security engineer at Redspin, had a similar take. While he believes, “the medical device community needs to act quickly to prevent these devices from falling even farther and farther behind in security,” he also believes their benefits outweigh the risks.

So does Martin Fisher, director of information security at Wellstar Health System. “If there's a 5% chance of the device being hacked and you die, and a 95% chance of you dying without the treatment the device provides, which one are you going to take?” he asked.

And for now, these are only theoretical questions anyway, according to Danny Lieberman, CTO of Software Associates. “The Raven is an open-source research project, which is not cleared for commercial use by the FDA,” he said, adding that if it were submitted to the FDA for clearance, “it would go through a very thorough safety and security review.”

That would be a good thing, other experts say, since they believe it is crucial to address the vulnerabilities now, since the chances of attacks could increase in the future.

“Today this (hacking telesurgery) is probably unlikely,” said Eric Cowperthwaite, vice president, advanced security and strategy at Core Security. “But I think it is important that we remember that what seems unlikely or not feasible today may become quite real tomorrow.

“Bad guys have already demonstrated that healthcare is a target, both for data theft and blackmail,” he said. “So, a vulnerable telesurgery system could be used for blackmail, very easily.”

Indeed, it raises the question of why there is not more attention paid to security when designing sophisticated surgical devices that use the public Internet. Yes, every “smart” technological device or system – the smartphone, smart home, smart car etc. – has been proven vulnerable to hacks used for espionage, theft of personal information or money, or blackmail.

But most of those attacks don’t carry life-or-death risks.

When it comes to addressing the vulnerabilities, there is general agreement that the open-source component of the system is not the major problem.

“Open source means more eyeballs and that is good – very good,” Lieberman said.

Cowperthwaite agrees in general, that, “there are many great reasons why it should be used, including the ability to detect and remediate vulnerabilities within open source very quickly.” He also said it is here to stay. “Open-source code has conquered the world,” he said.

eric cowperthwaite

Eric Cowperthwaite, vice president, advanced security and strategy, Core Security

“But at the same time, we see clearly that vulnerabilities within open source can have extremely broad impact. Just think about Heartbleed, for example.”

Ostashen has the same concern. “Open-source software allows the community to test for security vulnerabilities, but also allows the black hat community access to the source code, which in turn they can develop exploits,” he said.

As is the case in every digital device, there is no way to make it 100% secure, but experts say there are a number of ways to improve it significantly.

The UW research team recommended encrypting data to and from the Raven II, along with better authentication, to prevent packet spoofing attacks, which they said would provide, “low-cost and high benefits to telerobotic surgery, mitigating many analyzed attacks.”

But encryption does not prevent man-in-the-middle attacks.

Cowperthwaite believes, “better authentication is the key. Require digital certificates on both sides be exchanged to authenticate that each side is real,” he said.

“Second, require TLS encryption of control sessions, etc. Third, healthcare simply has to get better at security generally,” he said. “The Premera, CareFirst, Anthem and CHS attacks are not inspiring confidence right now.”

Ostashen recommended that devices designed for remote, online surgery should, “have their own networks segregated from the corporate network to ensure the proper entities are the ones only accessing them.

“An example would be having technology in place to detect anomalies like malware or unauthenticated access to the network,” he said. “If a surgeon is remote accessing these devices, implement VPN with two-factor authentication as well as IP whitelisting so that the surgeon has to access it from a secure dedicated location every time.”

And there is unanimous agreement that even current security risks are far outweighed by the benefits of remote surgery.

“Regardless of the security risk, tele-medicine, including remote, robotic surgery, is going to bring about a massive improvement in the healthcare delivered in remote and undeveloped locations,” Cowperthwaite said.

“It would be very short-sighted to deny dramatic improvements in healthcare because we cannot provide 100% security.”

This story, "Surgical robots – smart but insecure" was originally published by CSO.

Drexel and announce Analytics 50 award winners
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies