Critical vulnerabilities uncovered in hospital robots (steal creds and data, make robots harass staff and patients...)

ZDNet ^ | Apr 13, 2022 | Charlie Osborne

[dayglored]

The robots zip around hospitals delivering medicine and other supplies.

Vendor Aethon has patched five critical vulnerabilities in hospital robots used to deliver medical supplies.

The world of health-related cybersecurity issues is still relatively untouched. In recent years, we've seen the impact of ransomware outbreaks in hospitals; software vulnerabilities including those that could, in theory, stop a pacemaker from working, and countless patient data leaks at providers worldwide.

However, unless there's a clear-cut financial benefit, many cyberattackers will ignore medical devices in favor of hitting businesses likely to provide them with illicit revenue.

This doesn't mean that vendors, or defenders, should ignore vulnerabilities and security issues surrounding medicine, especially as digital health, personalized medicine, and remote care continue to develop.

Medical devices can fall short of adequate security measures, as recently revealed in Cynerio's public disclosure of Jekyllbot:5 (.PDF), five critical vulnerabilities in Aethon TUG robots.

According to Cynerio, the five vulnerabilities allow attackers to take over a robot's activities, including taking photos; snooping on the hospital in real-time via camera feeds, accessing patient records; disrupting or blocking drug delivery, all of which could impact patient care.

In addition, the team says the bugs could be used to hijack user sessions or "take control of the robot's movement and crash them into people or objects, or use them to harass patients and staff."

[dayglored]

Oh, this is just GREAT.

Robots that roam the hospital halls, harassing the staff and the patients.

[dayglored]

Tech *PING* candidate.

[FormerFRLurker]

From the article:

“However, unless there’s a clear-cut financial benefit, many cyberattackers will ignore medical devices in favor of hitting businesses likely to provide them with illicit revenue.”

Like healthcare isn’t a multibillion dollar business in the US. Why do criminals rob banks? Because that’s where the money is.

[Red Badger]

Problem solved.............

[billorites]

Stealing morphine...

[algore]

The Mail Bots in fed buildings are a much greater security risk, As are Random Fake Agents who infiltrate the Secret Service and are let go cause you know

https://freerepublic.com/focus/f-news/4054494/posts

[Yaelle]

This just in: bad guys will try to use any system to steal money.

[DannyTN]

I for one look forward to our new sneaky, abusive, robotic nurse overlords.

[who knows what evil?]

According to Cynerio, the five vulnerabilities allow attackers to take over a robot's activities, including taking photos; snooping on the hospital in real-time via camera feeds, accessing patient records; disrupting or blocking drug delivery, all of which could impact patient care.

You mean like the human RaDonda Vaught?

[dayglored]

> You mean like the human RaDonda Vaught?

Yes, but in addition, it's under REMOTE CONTROL.

[dayglored]

> I for one look forward to our new sneaky, abusive, robotic nurse overlords.

Ummm, yeah. I guess you could say she's kinda cute. For a robot.

[antidemoncrat]

Is the AI revolution starting?

[DannyTN]

"Ummm, yeah. I guess you could say she's kinda cute. For a robot."

Well the neck tumor has me a little concerned, but I doubt it's contagious.

[dayglored]

Girl robots do tend to be kinda lumpy. You get used to it.