Is it possible to hack into remotely operated surgical robots? The answer, according to a group of engineers, might alarm you. The team successfully hijacked a state-of-the-art teleoperated robot with the purpose of testing how hackable the technology is.
Teleoperated robots (which, as the name suggests, can be operated remotely) are particularly useful in high-risk situations, such as fighting fires in chemical plants or rescuing earthquake victims. Researchers at the University of Washington (UW) say these robots will become increasingly popular over the next few years as the technology evolves. They are currently being used during surgeries, albeit through secure, hardwired connections.
Using non-private networks
However, these robots may one day be used to provide operations in remote areas, or even in battlefield situations. In these scenarios, using non-private networks may be the only option. The UW BioRobotics Lab recently published two papers in which it suggests that teleoperated robots can be highly susceptible to cyber attacks in these situations. The researchers say incorporating security measures is important.
“We want to make the next generation of telerobots resilient to some of the threats we’ve detected without putting an operator or patient or any other person in the physical world in danger,” said lead author Tamara Bonaci, an electrical engineering PhD student.
For the study, Bonaci and her team summoned participants to use a teleoperated robot called Raven II. It was developed by UW for research purposes and is capable of moving rubber blocks between pegs on a pegboard. While the operators utilized the robot, the engineers attempted to hack into the system.
The team successfully disrupted a number of the robot’s functions and was able to override command inputs using “man- in- the- middle” attacks, which alter communication between the robot and the operator. The engineers also implemented denial-of-service attacks, which filled the system with useless data and caused the robot to become jerky.
Compensating the disruptions
Since the participants were simply moving the blocks, they were able to compensate for some of the disruptions. However, the researchers say they likely would not be able to compensate in situations in which precise movements are required (such as surgeries).
Currently, FDA-approved surgical robots use custom-made communication channels that run on private networks. The UW researchers say it’s significantly trickier to hack into those kinds of systems. However, it’s important to start implementing security measures for situations where secure networks may not be available.
Incorporating encrypted data packets
“If there’s been a disaster, the network has probably been damaged too,” said Howard Chizeck, a UW professor of electrical engineering. “So you might have to fly a drone and put a router on it and send signals up to it. In an ideal world, you’d always have a private network and everything could be controlled, but that’s not always going to be the case. We need to design for and test additional security measures now, before the next generation of telerobots are deployed.”
So how can engineers make these robots more secure? One option is to incorporate encrypted data packets. They would flow between the robot and the operator, boosting the security against cyber attacks. However, the robots would still be susceptible to denial-of-service attacks, which slow down the system with extraneous data.
Utilizing Biometric signatures
In response to this, UW engineers are developing a concept called “operator signatures,” which creates a one-of-a-kind biometric stamp for the machine’s user. It’s essentially a way of validating a surgeon’s identity based on his or her movements.
“Just as everyone signs something a little bit differently and you can identify people from the way they write different letters, different surgeons move the robotic system differently,” Chizeck explained. “This would allow us to detect and raise the alarm if all of a sudden someone who doesn’t seem to be operator A is maliciously controlling or interfering with the procedure.”
For more information, visit the UW BioRobotics Lab website.