The First to Hack a Teleoperated Surgical Robot,
UW EE Researchers Prove Security Risks Exist
A teleoperated surgical robot has been hacked for the first time— by a team of UW researchers with good intentions. The researchers, including several Electrical Engineering graduate students in the BioRobotics Lab, demonstrate how these robots are vulnerable to cyber attacks when used in remote settings.
Their research, described in a recently published ArXiv paper, comes at a time when medical robot sales are increasing by 20% per year. With the potential to perform medical procedures in underdeveloped areas, battlefields and even disaster zones, medical robots may one day keep medical professionals safe from dangerous areas and terrain, while saving travel time. Despite the many benefits, however, medical robots are vulnerable to being attacked, manipulated and even turned into weapons. The goal of this work is to understand the vulnerabilities and develop methods to withstand them.
“This research emphasizes the need to understand security and privacy issues around the emerging cyber-physical systems and to include these considerations into the system design process,” said Tamara Bonaci, Electrical Engineering Ph.D. student.
While medical robots used in current clinical settings transmit information between surgeons and robots via secure networks, long-distance operation of surgical robots operating in remote settings may need to rely on a combination of publicly available networks and temporary ad-hoc wireless and satellite networks.
To test the feasibility of various cyber-attacks, the researchers conducted tests on the Raven II, a surgical robot developed at the UW. It is a research platform for the development of future surgical robots, used in approximately a dozen labs worldwide, but is not currently approved by the FDA for human use. By exploring cyber-attacks on the Raven II, researchers identified a number of cyber security threats, such as the ability to override commands traveling from the surgeon to the robot, and to misuse the robot’s emergency stop, a safeguard mechanism to stop the robot in case of an emergency.
Based on their discoveries, the researchers suggest methods to prevent cyber attacks, the first step being encryption and authentication of all communication between the surgeon and the robot. The researchers are also looking into other possible solutions, potentially leveraging the physical component of the emerging cyber-physical system.
Paper authors are Ph.D. students Tamara Bonaci, Jeffrey Herron and Junjie Yan, Electrical Engineering Professor Howard Chizeck, Computer Science & Engineering Department faculty member Tadayoshi Kohno and recent CSE graduate Tariq Yusuf. Their work is funded by an NSF grant.