Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Can a Teleoperated Surgical Robot Be Hacked? Yes.

April 29, 2015

An MIT Technology Review report says security experts were able to hack a telesurgery robot with relative ease. Disquieting, eh? Increasingly we are using telesurgery with an expert in one place controlling a robot in another that physically performs the necessary surgery. The sale of medical robots is increasing at a rate of 20 percent per year.

Tamara Bonaci and colleagues at the University of Washington in Seattle have examined pitfalls associated with the communications technology involved in telesurgery.

The first telesurgery took place in 2001 with a surgeon in New York successfully removing the gall bladder of a patient in Strasbourg in France, more than 6,000 kilometers away. The communications ran over a dedicated fiber provided by a telecommunications company specifically for the operation. Since then, surgeons have carried out numerous remote operations and begun to experiment with ordinary communications links over the Internet, which are significantly cheaper.

Let me stress that there are no recorded incidents of a hack taking place during telesurgery. But the possibility exists. Bonaci and her team used a telesurgery robot called Raven II, which was developed at the University of Washington. The robot consists of two surgical arms that are manipulated by a surgeon using a state-of-the-art control console which includes video and haptic feedback. The robot itself runs on a single PC running software based on open standards, such as Linux and the Robot Operating System. It communicates with the control console using a standard communications protocol for remote surgery known as the Interoperable Telesurgery Protocol.

This communication takes place over public networks that are potentially accessible to anyone. Because the robot is designed to work in extreme conditions, this communications link can be a low-quality connection to the Internet, perhaps even over wireless.

Instead of a real operation, the operator had the task of moving rubber blocks from one part of a peg board to another. The team used three types of attacks. The first changed the commands sent by the operator to the robot by deleting, delaying or re-ordering them. This caused the robot’s movement to become jerky.

The second type of attack modified the intention of signals from the operator to the robot by changing, say, the distance an arm should move or the degree it should rotate. These, as you might expect, had a noticeable impact.

The final category of attack was a hijacking that completely controlled the robot. This was easy since the Interoperable Telesurgery Protocol is publicly available. The team also did a kind of Denial of Service attack.

So what's the answer to protecting ourselves? It's one we all know well: Encryption. Just encrypt the communication between the control console and the robot. One caveat – encryption still allows man-in-the-middle attacks where an eavesdropper intercepts signals in both directions while fooling both parties into believing that they are still talking to each other. Encryption won't solve the problem of delaying, deleting or re-ordering the command packets, but it will prevent modification of the commands.

I expect Hollywood will conjure up a nightmare scenario involving this kind of hacking very soon.

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson