Researchers hack a teleoperated surgical robot, revealing security flaws

In some cases, the human operators were eventually able to compensate for those disruptions, given the relatively simple task of moving blocks. In situations where precise movements can mean the difference between life and death — such as surgery or a search and rescue extrication — these types of cyberattacks could have more serious consequences, the researchers believe.

With a single packet of bad data, for instance, the team was able to maliciously trigger the robot’s emergency stop mechanism, rendering it useless.

The tests were conducted with the Raven II, an open source teleoperated robotic system developed by UW electrical engineering professor Blake Hannaford and former UW professor Jacob Rosen, along with their students. Raven II, currently manufactured and sold by Seattle-based Applied Dexterity Inc., a UW spin-out, is a next generation teleoperated robotic system designed to support research in advanced techniques of robotic-assisted surgery. The system is not currently in clinical use and is not approved by the FDA.

The surgical robots that are FDA-approved for clinical use today, which typically allow a surgeon to remove tumors, repair heart valves or perform other procedures in a less invasive way, use a different communication channel and typically do not rely on publicly available networks, which would make the cyberattacks the UW team tested much harder to mount.

But if teleoperated robots will be used in locations with no secure alternative to networks or other communication channels that are easy to hack, it’s important to begin designing and incorporating additional security features now, the researchers argue.

“If there’s been a disaster, the network has probably been damaged too. So you might have to fly a drone and put a router on it and send signals up to it,” said Howard Chizeck, UW professor of electrical engineering and co-director of the UW BioRobotics Lab.

“In an ideal world, you’d always have a private network and everything could be controlled, but that’s not always going to be the case. We need to design for and test additional security measures now, before the next generation of telerobots are deployed.”

Encrypting data packets that flow between the robot and human operator would help prevent certain types of cyberattacks. But it is not effective against denial-of-service attacks that bog down the system with extraneous data. With video, encryption also runs the risk of causing unacceptable delays in delicate operations.

The release notes that the UW team is also developing the concept of “operator signatures,” which leverage the ways in which a particular surgeon or other teleoperator interacts with a robot to create a unique biometric signature.

By tracking the forces and torques that a particular operator applies to the console instruments and his or her interactions with the robot’s tools, the researchers have developed a novel way to validate that person’s identity and authenticate that the operator is the person he or she claims to be.

Moreover, monitoring those actions and reactions during a telerobotic procedure could give early warning that someone else has hijacked that process.

“Just as everyone signs something a little bit differently and you can identify people from the way they write different letters, different surgeons move the robotic system differently,” Chizeck said. “This would allow us to detect and raise the alarm if all of a sudden someone who doesn’t seem to be operator A is maliciously controlling or interfering with the procedure.”

Co-authors on the three telerobotic security papers include UW electrical engineering graduate students Junjie Yan and Jeffrey Herron, Tadayoshi Kohno of the UW computer science and engineering department, former UW computer science and engineering undergraduate Tariq Yusuf, Ryan Calo of the UW School of Law, and law student Aaron Alva.