Researchers mount cyber attacks against surgery robot

A group of researchers from University of Washington have tested the security of a teleoperated robotic surgery system created by their colleagues, and have found it severely lacking.

“Teleoperated surgical robots will be expected to use a combination of existing publicly available networks and temporary ad-hoc wireless and satellite networks to send video, audio and other sensory information between surgeons and remote robots. It is envisioned these systems will be used to provide immediate medical relief in under-developed rural terrains, areas of natural and human-caused disasters, and in battlefield scenarios,” the researchers noted, and asked: “But what if these robotic systems are attacked and compromised?”

Not many researchers attempted to answer that question, so this group decided to test a “surgery robot” dubbed Raven II, and discovered that it can be hijacked, disabled, have its instructions changed, its failsafes removed or overriden, and its motions impacted on.

“Telerobotic surgery is envisioned to be used in extreme conditions, where robots will have to operate in low-power and harsh conditions, with potentially lossy connection to the internet. The last communication link may potentially even be a wireless link to a drone or a satellite, providing connection to a trusted facility,” they explained, adding that two attack vectors can be used: endpoint compromise, and network and communication-based attacks.

They focused on the latter, pointing out that the most likely point of attack would be between the network uplink and a surgical robot. “Since communication will likely be wireless, on-the-field attackers will be able to disrupt the link or manipulate traffic contents,” they noted.


After establishing a test environment that connected the surgical control console and Raven II via a network hub, they set up a direct connection between the surgical control console and the attacking machine, and tried reordering, dropping and delaying surgeon’s packets, or modifying them.

They succeeded in disrupting the robot’s motions, hijacking it and abusing one of the robot’s inherent safety mechanisms.

“The injection attacks we demonstrated were successful due to the fact that valid packets were accepted by the robot from any source,” they concluded.

“For the Raven II, this was almost certainly a development oversight and is easy to fix. However, we need to consider the larger problem of how to protect against a more sophisticated packet spoofing attacks that also spoofs source IP and port information. One straightforward answer is to encrypt all data streams between the two endpoints rendering all but the man-in-the middle attacks impossible. […] By encrypting and authenticating data streams between the surgeon’s terminal and the robot, the ability of an attacker to initiate an attack that comprises an intention modification, manipulation, or hijack becomes severely hampered.”

The conceded that their research is only the beginning, and that many different challenges will have to be addressed when it comes to the security of all teleoperated robots. But the research and testing should begin now, they concluded.

Don't miss