Are Surgical Robots Vulnerable to Hackers?

In the coming decades, it is believed that an increasing number of surgeries will be performed with real-world teleoperated robots. Unlike other surgical robots, a doctor doesn’t have to share the same room with these machines when operating them. As promising as this technology sounds, it does come with at least one caveat; a new study shows that hackers can assume control over such devices, leaving patients and doctors at the mercy of hostile outsiders.

Long-Distance Help… or Harm?

The spread of remotely operated robots could be highly beneficial on a worldwide scale, as it may allow doctors to tend to people residing in places that are difficult to access. Some potential beneficiaries include those living in developing countries, conflict zones or areas afflicted by natural disasters. Unfortunately, this equipment is not immune from the threat of cyber attacks.

Research released by the University of Washington (UW) highlighted the likelihood of such an event. For their project, the UW team set up a pegboard underneath a remote controlled device called the Raven II. With the aid of this machine, study participants were able to transport rubber blocks between pegs positioned on the board.

Wreaking Havoc

The study authors then set about disrupting the machine’s ability to function. One test revealed that a “man-in-the-middle” attack could disrupt the robot’s system. Using this tactic, the team succeeded in changing the commands sent to the Raven II, making it harder for the device to carry out its tasks.

The  machine’s network was also swamped with with an onslaught of extraneous data, an action commonly referred to as a denial of service attack. Upon being hit with a blast of useless information, the Raven II’s performance once again deteriorated. The robot’s formerly smooth movements became noticeably jerky, and subjects struggled to control the arms when attempting to pick up and transport blocks. Furthermore, the Raven II’s emergency stop mechanism was activated with only one batch of junk data.

Since the surgical device was only asked to perform relatively simple tasks, it was still able to have some degree of success in moving the blocks while under attack. However, the authors note that surgeries often require very precise and meticulous movements. Given this fact, a cyber attack that causes even a slight surgical misstep could be fatal.

Defensive Strategies

Current surgical robots receive information via private networks, a fact that limits their vulnerability to hacking attempts. But if real-world teleoperated robots are approved for public use, the risk of cyberattacks presents a serious challenge. For example, hackers could successfully seize control of a teleoperated robot in an area that lacks secure communication systems.

One possible approach for thwarting would-be hackers is to encrypt data sent to and from surgical machines. This option is not without drawbacks, as encrypting messages could use up valuable time during medical procedures. Likewise, coding information does nothing to solve the problem of denial of service attacks.

However, the UW researchers are hard at work developing a new way to protect remote controlled medical devices. Known as “operator signatures,” this security feature would foil hackers by documenting certain physical movements made by the robot’s operator. Essentially, the term describes the forces and torques (forces that cause objects to rotate) applied by people when using these machines.

By recording such information, teleoperated systems could theoretically identify specific users. Howard Chizeck, a UW professor of electrical engineering, offered a concise summary of operator signatures in a university press release. “Just as everyone signs something a little bit differently and you can identify people from the way they write different letters, different surgeons move the robotic system differently. This would allow us to detect and raise the alarm if all of a sudden someone who doesn’t seem to be operator A is maliciously controlling or interfering with the procedure.”