Hacking telesurgery robots, a concrete risk

Hacking telesurgery robots, a concrete risk by Pierluigi Paganini.

From the post:

Technology will help humans to overwhelm any obstacle, one of them is the concept of space that for some activities could represent a serious problem. Let’s think for example to a life-saving surgery that could be performed by surgeons that are physically located everywhere in the world.

Telesurgery is a reality that could allow experts in one place controlling a robot in another that physically performs the surgical operation. The advantages are enormous in term of cost saving, and timely intervention of the medical staff, but which are the possible risks.

Telesurgery relies on sophisticated technology for computing, robotics and communications, and it’s easy to imagine the problem that could be caused by a threat actor.

The expert Tamara Bonaci and other colleagues at the University of Washington in Seattle have analyzed possible threats to the telesurgery, being focused on the possible cyber attacks that modify the behavior of a telerobot during surgery.

One more cyberinsecurity to add to the list!

Professional hand wringers can keep hand wringing, conference speakers can intone about the absolute necessity of better security, governments can keep buying surveillance as though it were security (yes, they both start with “s” but are not the same thing), corporations can keep evaluating cost versus the benefit of security and absent any effective incentives for cyber security, we will remain insecure.

Let me put it more bluntly: So long as cyber insecurity pays better than cyber security, cyber insecurity will continue to have the lead. Cyber security, for all of the talk and noise, is a boutique business compared to the business of cyber insecurity. How else would you explain the reported ten (10) year gap between defenders and hackers?

Government and corporate buyers could start us down the road to cyber security by refusing to purchase software that isn’t warranted to be free from buffer overflow conditions from outside input. (Not the only buffer overflow situation but an obvious one.) With warranties that have teeth in the event that such buffer overflow bugs are found.

The alternative is to have more pronouncements on the need for security, lots of papers on security, etc., and in 2016 and every year thereafter, there will be more vulnerabilities and less security than the year before. Your call.

Comments are closed.