Hospital robots exposed to hackers after critical security vulnerabilities discovered
Zero-day vulnerability meant Tug robots could be hijacked by hackers
Sign up to our free weekly IndyTech newsletter delivered straight to your inbox
Sign up to our free IndyTech newsletter
Fleets of robots deployed to hospitals throughout the US were exposed to hackers after researchers discovered five critical security vulnerabilities with their software.
Researchers from the cyber security firm Cynerio found the bugs, dubbed JekyllBot:5, within Tug robots built by US-based manufacturer Aethon. The zero-day vulnerabilities, so called because there was no fix available when they were first uncovered, were reported to Aethon, who engineered and rolled out a patch to protect the bots.
The vulnerabilities would have allowed hackers to send the robots control commands, take photos, and access the system’s user database.
“These zero-day vulnerabilities required a very low skill set for exploitation, no special privileges, and no user interaction to be successfully leveraged in an attack,” said Asher Brass, head of cyber network analysis at Cynerio.
“If attackers were able to exploit JekyllBot:5. they could have completely taken over system control, gained access to real-time camera feeds and device data, and wreaked havoc and destruction at hospitals using the robots.”
Tug robots are designed to transport medication, linens and waste around hospitals and has been installed in hundreds of hospitals around the US.
Capable of carrying up to 600kg and travelling around 3kph, Cynerio warned that any hacker exploiting the bug would be able to use them to “crash into staff, visitors and equipment”.
The Independent has contacted Aethon for a comment about the security vulnerabilities.
The Tug robots are part of an emerging trend of hospitals employing robots to carry out increasingly sophisticated tasks. The researchers warned that the healthcare industry should prioritise security over all else due to the sensitivity of both the data processed and the robots’ physical surroundings.
“Hospitals need solutions that go beyond mere healthcare IoT (internet-of-things) device inventory checks to proactively mitigate risks and apply immediate remediation for any detected attacks or malicious activity,” said Cynerio founder Leon Lerman.
“Any less is a disservice to patients and the devices they depend on for optimal healthcare outcomes.”
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies