{"id":2151,"date":"2022-04-25T04:15:18","date_gmt":"2022-04-25T11:15:18","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=2151"},"modified":"2022-04-27T03:51:32","modified_gmt":"2022-04-27T10:51:32","slug":"hospital-robots-at-risk-of-remote-hijacking-due-to-security-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/hospital-robots-at-risk-of-remote-hijacking-due-to-security-vulnerabilities\/","title":{"rendered":"Hospital robots at risk of remote hijacking due to security&nbsp;vulnerabilities"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/SSL_Blog_Hospital-robots.png\" alt=\"\" class=\"wp-image-2026\"\/><\/figure>\n\n\n\n<p>We\u2019re only in the third decade of the 21st century and we\u2019ve already witnessed a raft of technological advancements that not even the most forward-thinking science-fiction writers could have predicted (though I\u2019m still holding out hope for flying cars and jetpacks that actually work).&nbsp;<br><\/p>\n\n\n\n<!--more-->\n\n\n\n<p>One of those advancements is the invention of autonomous hospital robots. Intended to cut labor costs, these guys can work independently, entering all areas of a hospital, transporting critical goods like transport bed linens, food, lab specimens, and medications.<br><\/p>\n\n\n\n<p>Very convenient! And, unfortunately, not always very secure.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The main security vulnerabilities<\/h2>\n\n\n\n<p>According to <a href=\"https:\/\/techcrunch.com\/2022\/04\/12\/aethon-robots-hospitals-hijacks\/\">TechCrunch<\/a>, researchers at a hospital and cybersecurity startup, Cynerio, found five brand new vulnerabilities in robots made by the robot maker brand Aethon, which has thousands of robots working in hospitals worldwide. Five vulnerabilities, to be exact \u2014 which the researchers have named JekyllBot:5 \u2014 and they have never been seen before. The researchers warned they could allow hackers to hijack the robots remotely, perhaps even over the Internet.&nbsp;<br><\/p>\n\n\n\n<p>The vulnerabilities lie with the robots\u2019 base server, which controls and communicates with the robots. Cynerio researchers discovered that very little skill would be needed to exploit these vulnerabilities and potentially gain high-level access to the robots and proceed to use the robots\u2019 cameras, spy on patients, and access restricted areas of a hospital. Although the robot web interface had a password-protected admin account, hackers could still potentially interact with a robot without needing to log in. They also found it was possible to access the base server\u2019s web interface via the hospital&#8217;s guest network. Here, a hacker could easily view a robot\u2019s schedule and camera feed.&nbsp;<br><\/p>\n\n\n\n<p>The hospitals most at risk of these vulnerabilities were those that have the robots\u2019 base server connected to the internet. Storing the base servers on a local network instead decreased the risk of exploitation significantly. Still, any risk at all is too much for machines that can gain access to patients, sensitive information, and medications. The potential for chaos in case of exploitation cannot be understated.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Fixing the problem<\/h2>\n\n\n\n<p>Fortunately, Cynerio alerted Aethon about the vulnerabilities. The company has since fixed the bugs in recent software and firmware updates, restricting Internet-exposed servers and addressing the many other web-related vulnerabilities. Still, it was a close call. This story highlights the importance of implementing strong security when using robots and related technologies for jobs generally performed by humans, particularly when so much sensitive data is at stake. <br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019re only in the third decade of the 21st century and we\u2019ve already witnessed a raft of technological advancements that not even the most forward-thinking science-fiction writers could have predicted (though I\u2019m still holding out hope for flying cars and jetpacks that actually work).&nbsp;<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2151","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/2151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/comments?post=2151"}],"version-history":[{"count":1,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/2151\/revisions"}],"predecessor-version":[{"id":2152,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/2151\/revisions\/2152"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/media?parent=2151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/categories?post=2151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/tags?post=2151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}