We’re only in the third decade of the 21st century and we’ve already witnessed a raft of technological advancements that not even the most forward-thinking science-fiction writers could have predicted (though I’m still holding out hope for flying cars and jetpacks that actually work).
One of those advancements is the invention of autonomous hospital robots. Intended to cut labor costs, these guys can work independently, entering all areas of a hospital, transporting critical goods like transport bed linens, food, lab specimens, and medications.
Very convenient! And, unfortunately, not always very secure.
The main security vulnerabilities
According to TechCrunch, researchers at a hospital and cybersecurity startup, Cynerio, found five brand new vulnerabilities in robots made by the robot maker brand Aethon, which has thousands of robots working in hospitals worldwide. Five vulnerabilities, to be exact — which the researchers have named JekyllBot:5 — and they have never been seen before. The researchers warned they could allow hackers to hijack the robots remotely, perhaps even over the Internet.
The vulnerabilities lie with the robots’ base server, which controls and communicates with the robots. Cynerio researchers discovered that very little skill would be needed to exploit these vulnerabilities and potentially gain high-level access to the robots and proceed to use the robots’ cameras, spy on patients, and access restricted areas of a hospital. Although the robot web interface had a password-protected admin account, hackers could still potentially interact with a robot without needing to log in. They also found it was possible to access the base server’s web interface via the hospital’s guest network. Here, a hacker could easily view a robot’s schedule and camera feed.
The hospitals most at risk of these vulnerabilities were those that have the robots’ base server connected to the internet. Storing the base servers on a local network instead decreased the risk of exploitation significantly. Still, any risk at all is too much for machines that can gain access to patients, sensitive information, and medications. The potential for chaos in case of exploitation cannot be understated.
Fixing the problem
Fortunately, Cynerio alerted Aethon about the vulnerabilities. The company has since fixed the bugs in recent software and firmware updates, restricting Internet-exposed servers and addressing the many other web-related vulnerabilities. Still, it was a close call. This story highlights the importance of implementing strong security when using robots and related technologies for jobs generally performed by humans, particularly when so much sensitive data is at stake.
Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.