Finance Inquirer
No Result
View All Result
Wednesday, May 18, 2022
  • Login
  • Home
  • Business
  • Technology
  • Finance
  • Stock Market
  • Submit a News Releases
Subscribe
Finance Inquirer
  • Home
  • Business
  • Technology
  • Finance
  • Stock Market
  • Submit a News Releases
No Result
View All Result
Finance Inquirer
No Result
View All Result
Home Technology

Autonomous robots used in hundreds of hospitals at risk of remote hijacks

Tom Hagler by Tom Hagler
12.04.2022
in Technology
Autonomous robots used in hundreds of hospitals at risk of remote hijacks
152
SHARES
1.9k
VIEWS
Share on FacebookShare on Twitter

A decade ago security researcher Barnaby Jack famously wirelessly hacked a hospital insulin pump live on stage in front of hundreds of people to demonstrate how easily it could be compromised to deliver a lethal dose of medication. In the years that have passed, medical device security has gotten better, albeit with an occasional high-profile hiccup. But researchers are now finding vulnerabilities in newer hospital technologies that weren’t as ubiquitous a decade ago.

Enter autonomous hospital robots, the supposed-to-be-friendly self-controlled digital workhorses that can transport medications, bed linens, food, medications and laboratory specimens across a hospital campus. These robots, such as the ones built by robot maker Aethon, are equipped with the space to transport critical goods and security access to enter restricted parts of the hospital and ride elevators, all while cutting labor costs.

But researchers at Cynerio, a cybersecurity startup focused on securing hospital and healthcare systems, discovered a set of five never-before-seen vulnerabilities in Aethon robots, which they say allowed malicious hackers to remotely hijack and control these autonomous robots — and in some cases over the internet.

The five vulnerabilities, which Cynerio collectively call JekyllBot:5, aren’t with the robots themselves but with the base servers that are used to communicate with and control the robots that traverse the hallways of the hospitals and hotels. The bugs range from allowing hackers to create new users with high-level access in order to then log in and remotely control the robots and access restricted areas, snoop on patients or guests using the robot’s in-built cameras, or otherwise cause mayhem.

Asher Brass, the lead researcher on the Aethon vulnerabilities, warned that the flaws required a “very low skill set for exploitation.”

A screenshot from one of the cameras on an Aethon TUG robot. Image Credits: Cynerio

Cynerio said the base servers have a web interface that could be accessed from inside the hospital’s network, allowing “guest” users to view real-time robot camera feeds and their upcoming schedules and tasks for the day without needing a password. But although the robots’ functionality were protected by an “admin” account, the researchers said the vulnerabilities in the web interface could have allowed a hacker to interact with the robots without needing an admin password to log in.

One of the five bugs, the researchers said, exposed robots to remote control using a joystick-style controller in the web interface, while exploiting another one of the bugs to interact with door locks, call and ride elevators, and open and close medication drawers.

For the most part, the potential risk is limited if access to the robots’ base servers are confined to the local network, limiting access only to logged-in employees. The researchers said the risk was far greater for the hospitals, hotels or any other place that use these robots that have a base server connected to the internet, since the vulnerabilities can be triggered from anywhere on the internet.

Cynerio said they found evidence of internet-exposed robots in hospitals as well as facilities providing care to veterans. Aethon touts its robots in hundreds of hospitals around the world, many in the United States, accounting for thousands of robots.

The bugs were fixed in a batch of software and firmware updates released by Aethon, after Cynerio alerted the company to the issues. Aethon is said to have restricted internet-exposed servers to isolate the robots from potential remote attacks, and fixed other web-related vulnerabilities that affected the base station.

In a statement given to TechCrunch, CEO of ST Engineering Aethon, Peter Seiff, confirmed the vulnerabilities but declined to answer our questions, such as what percentage of its customers’ autonomous robots had been patched following the software update.

Read more:

  • How a simple security bug became a university campus ‘master key’
  • Security flaws in a popular smart home hub let hackers unlock front doors
  • Why are cybersecurity asset management startups so hot right now?
  • Trending
  • Comments
  • Latest
Boeing and Pfizer are among the companies and trade groups to have donated $8 million to Republicans who voted against certifying Biden’s election victory, a report says

Boeing and Pfizer are among the companies and trade groups to have donated $8 million to Republicans who voted against certifying Biden’s election victory, a report says

04.01.2022
Twitter Suspends mRNA Inventor Dr. Robert Malone

Twitter Suspends mRNA Inventor Dr. Robert Malone

29.12.2021
Anesthesiologist Salary in the USA.

Anesthesiologist Salary in the USA

24.01.2022
3 planes are flying potatoes into Japan to help tackle the country’s shortage of fries, which has caused McDonald’s to ration servings

3 planes are flying potatoes into Japan to help tackle the country’s shortage of fries, which has caused McDonald’s to ration servings

29.12.2021
Take the best photos of your life with the new vivo Y76 5G now available

Take the best photos of your life with the new vivo Y76 5G now available

Complete your Christmas shopping with up to 75% off on devices at vivo’s Big Christmas Sale on Shopee

Complete your Christmas shopping with up to 75% off on devices at vivo’s Big Christmas Sale on Shopee

AirPods 3 vs AirPods 2 – What’s the Difference?

AirPods 3 vs AirPods 2 – What’s the Difference?

Want to be a content creator? Here are 5 valuable tips from today’s top Pinoy online celebrities

Want to be a content creator? Here are 5 valuable tips from today’s top Pinoy online celebrities

The Location Guide, Filmmakers for Ukraine and EUFCN join forces for fundraiser at Cannes 2022

17.05.2022
Vladimir Potanin bought Tinkoff Bank. The amount of the deal was not disclosed

Vladimir Potanin bought Tinkoff Bank. The amount of the deal was not disclosed

12.05.2022
Vladimir Potanin bought Tinkoff Bank. The amount of the deal was not disclosed

Vladimir Potanin bought Tinkoff Bank. The amount of the deal was not disclosed

12.05.2022
Look at the images of Webb and the Spitzer telescope, which is already “retired

Look at the images of Webb and the Spitzer telescope, which is already “retired

12.05.2022

Recent News

The Location Guide, Filmmakers for Ukraine and EUFCN join forces for fundraiser at Cannes 2022

17.05.2022
Vladimir Potanin bought Tinkoff Bank. The amount of the deal was not disclosed

Vladimir Potanin bought Tinkoff Bank. The amount of the deal was not disclosed

12.05.2022

Categories

  • Business
  • Finance
  • Stock Market
  • Technology
  • Без рубрики

Site Navigation

  • Home
  • Contact Us
  • Submit a News Releases
Finance Inquirer

We offer multimedia features, easy channel navigation, strong social media presence and numerous engagement platforms that allow the readers to experience content anytime, anywhere, always.

No Result
View All Result
  • Home
  • Business
  • Technology
  • Finance
  • Stock Market
  • Submit a News Releases

© 2021 financeinquirer.com

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In