Research finds medical bots vulnerable to hacks during surgery
Wed 29 Apr 2015
Researchers at Seattle’s University of Washington have shown how easy it is to hack medical robots assisting in surgery.
The robotics team found numerous security vulnerabilities in tele-operated machines which are expected to eventually replace human surgeons in hospital environments. Tele-surgery has been a popular practice for doctors since the first successful gall bladder operation using the technology was conducted in France in 2001.
Although experts have outlined the various benefits of using surgical robots, like any other mechanical device they are inevitably prone to security flaws. Commands are typically communicated between the surgeon and robot across public networks and over a poor internet connection – increasing the risk of cyberattacks.
The University of Washington researchers used a Raven II robot to investigate the ways in which a cyberattack could interfere with surgery. The surgical bot has 2 operating arms, which are controlled via a sophisticated console unit which features a visual display screen and haptic feedback.
The research team led by Tamara Bonaci found that it could easily control the robot by hijacking the device across a traditional internet network.
The first test was a simple zero-knowledge attack designed to reorder the surgeon’s intent by deleting, delaying or rearranging messages. With the sequence commands received out of order the research report notes that the effect is a “jerky motion of [the] robot’s arms, immediately observable by experiment participants.”
A further hack targeted the surgical commands to modify the position and rotation of the operating arms. Once most of these attacks were launched, Bonaci again referred to a “noticeable impact on the Raven.” She suggested that “some of [the attacks] could have easily been prevented by using well-established and readily-available security mechanisms, including encryption and authentication.”
Discussing the implications of the proven hacks, Bonaci warned that “any security holes in tele-operated systems present an existential threat to the field of surgical robotics as a whole.
“Even if attacks are rare, any harm caused by a surgical robot could undermine the public’s faith in these systems.”
She added: “From a patient perspective, all the advantages in recovery or success rate that come from tele-operated surgery may not be worth the risk of having a potentially hijacked machine operate on them.”