Article 5Y44N Autonomous Robots Used In Hundreds of Hospitals At Risk of Remote Hijacks

Autonomous Robots Used In Hundreds of Hospitals At Risk of Remote Hijacks

by
BeauHD
from Slashdot on (#5Y44N)
An anonymous reader quotes a report from TechCrunch: [R]esearchers are now finding vulnerabilities in newer hospital technologies that weren't as ubiquitous a decade ago. Enter autonomous hospital robots, the supposed-to-be-friendly self-controlled digital workhorses that can transport medications, bed linens, food, medications and laboratory specimens across a hospital campus. These robots, such as the ones built by robot maker Aethon, are equipped with the space to transport critical goods and security access to enter restricted parts of the hospital and ride elevators, all while cutting labor costs. But researchers at Cynerio, a cybersecurity startup focused on securing hospital and healthcare systems, discovered a set of five never-before-seen vulnerabilities in Aethon robots, which they say allowed malicious hackers to remotely hijack and control these autonomous robots -- and in some cases over the internet. The five vulnerabilities, which Cynerio collectively call JekyllBot:5, aren't with the robots themselves but with the base servers that are used to communicate with and control the robots that traverse the hallways of the hospitals and hotels. The bugs range from allowing hackers to create new users with high-level access in order to then log in and remotely control the robots and access restricted areas, snoop on patients or guests using the robot's in-built cameras, or otherwise cause mayhem. Asher Brass, the lead researcher on the Aethon vulnerabilities, warned that the flaws required a "very low skill set for exploitation." Cynerio said the base servers have a web interface that could be accessed from inside the hospital's network, allowing "guest" users to view real-time robot camera feeds and their upcoming schedules and tasks for the day without needing a password. But although the robots' functionality were protected by an "admin" account, the researchers said the vulnerabilities in the web interface could have allowed a hacker to interact with the robots without needing an admin password to log in. One of the five bugs, the researchers said, exposed robots to remote control using a joystick-style controller in the web interface, while exploiting another one of the bugs to interact with door locks, call and ride elevators, and open and close medication drawers. "The bugs were fixed in a batch of software and firmware updates released by Aethon, after Cynerio alerted the company to the issues," notes TechCrunch. "Aethon is said to have restricted internet-exposed servers to isolate the robots from potential remote attacks, and fixed other web-related vulnerabilities that affected the base station."

twitter_icon_large.pngfacebook_icon_large.png

Read more of this story at Slashdot.

External Content
Source RSS or Atom Feed
Feed Location https://rss.slashdot.org/Slashdot/slashdotMain
Feed Title Slashdot
Feed Link https://slashdot.org/
Feed Copyright Copyright Slashdot Media. All Rights Reserved.
Reply 0 comments