Researchers hijack teleoperated surgical robot: Remote surgery hacking threats

Raven II surgical robot in Ender's Game
Credit: University of Washington

Security researchers launched cyberattacks against a teleoperated surgical robot; they easily hijacked the Raven II robot during surgery and launched a denial-of-service attack that stopped the robot and made it impossible for a surgeon to remotely operate.

When could a denial of service attack have lethal consequences? It could be fatal if it is launched at a “crucial point” during a surgery which is being conducted over the Internet by a surgeon via a teleoperated robot.

When a surgeon cannot physically be in a specific location, but a robot could, then telesurgery could allow a surgeon to operate via a robotic system from a remote location; teleoperated surgical robots could be used to save lives in underdeveloped rural areas, locations affected by natural or human-caused disasters and battlefield scenarios. Yet security has not been a concern for telerobotic surgery, even though there is a 20% yearly increase in the number of robots sold. The authors of a recent research paper asked, “What if the computer systems for these robots are attacked, taken over and even turned into weapons?” They referenced Stuxnet as an example of what can happen when a cyber-physical system, aka embedded system, is targeted.

A team of bright minds from the University of Washington Departments of Electrical Engineering and of Computer Science and Engineering identified “a slew of possible cyber security threats.” During research supported by the National Science Foundation, they were able to “maliciously control a wide range of robots functions, and even to completely ignore or override command inputs from the surgeon.” But those aren’t the only attacks they demonstrated in “To Make a Robot Secure: An Experimental Analysis of Cyber Security Threats Against Teleoperated Surgical Robots.” They also found “that it is possible to abuse the robot’s existing emergency stop (E-stop) mechanism to execute efficient (single packet) attacks.”

The researchers set out to determine how easily an attacker could compromise a teleoperated surgery system and what cyberattacks could be successfully launched. For their analysis, they used the robotic surgery platform Raven II which was developed by the University of Washington and was featured in the film Ender’s Game.

Raven II surgical robot University of Washington

The Raven II has “two winglike arms that end in tiny claws” which were designed to hold surgical tools in order to perform surgery via commands sent over the Internet. “A surgeon sitting at a screen can look through Raven’s cameras and guide the instruments to perform a task such as suturing,” explained UW. The Raven II robot runs on a PC running the Robot Operating System (ROS), which is open-source control software. The Raven communicates “with the control console using a standard communications protocol for remote surgery known as the Interoperable Telesurgery Protocol,” a publicly available protocol that the researchers were able to easily hijack. “We effectively took control over the teleoperated procedure,” they wrote (pdf).

In hijacking attacks, a malicious entity causes the robot to completely ignore the intentions of a surgeon, and to instead perform some other, potentially harmful actions. Some possible attacks includes both temporary and permanent takeovers of the robot, and depending on the actions executed by the robot after being hijacked, these attacks can be either very discreet or very noticeable.

While some people do die on an operating table, death on an operating table due to a denial-of-service attack is hard to imagine. However, in another hijacking attack, the researchers were able to abuse the robot’s safety mechanism that is meant to prevent the robot’s arms from moving too fast or outside of the allowed area. “Every time the Raven’s arms are commanded to move too fast, or go to an unsafe position, the robot’s software imposes a system-wide halt, referred to as a software E-stop.” Yet they found “that it is possible to abuse the robot’s emergency stop (E-stop) to execute efficient (one packet) denial-of-service attacks.”

The research team added:

By sending a leading packet to the robot, where at least one of the changes in position or rotation is too large, and would cause the Raven to either go too fast or to go to a forbidden region, we are able to E-stop the robot. Moreover, by repeatedly sending a malicious leading packet as the one just described, we are able to easily stop the robot from ever being properly reset, thus effectively making a surgical procedure impossible.

In another of the three types of cyberattacks studied, the researchers said an attacker could directly impact a surgeon’s intended actions by modifying his/her messages while packets are in-flight to make the robot’s real-time responsiveness movements jerky and difficult to control. Some of the attacks included changing the surgeon’s packets on-the-fly by “deleting, delaying or re-ordering” commands before sending them to Raven, such as commanding the robot to change position or rotation. The team wrote, “Most of these attacks had a noticeable impact on the Raven immediately upon launch.”

Besides increasing awareness of security issues in cyber-physical systems, the researchers showed attacks against Raven II resulted in breaching “several concerning elements of the system over a wide attack surface, and some extremely efficiently (with a single packet).” They concluded that “some of these attacks could have easily been prevented by using well-established and readily-available security mechanisms, including encryption and authentication.” Yet “encrypting and authenticating video feedback will likely cause an unacceptable decrease in packet throughput rate.”

Lastly, the researchers believe that the concerns they presented “are not unique to teleoperated surgery, but are common to all teleoperated robots. Because of the wide variety of physical and digital capabilities these systems wield, telerobotic security needs to become front-and-center.”

A look inside the Microsoft Local Administrator Password Solution
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies