Skip to Content

Security Experts Hack Teleoperated Surgical Robot

The first hijacking of a medical telerobot raises important questions over the security of remote surgery, say computer security experts.

A crucial bottleneck that prevents life-saving surgery being performed in many parts of the world is the lack of trained surgeons. One way to get around this is to make better use of the ones that are available.

Sending them over great distances to perform operations is clearly inefficient because of the time that has to be spent travelling. So an increasingly important alternative is the possibility of telesurgery with an expert in one place controlling a robot in another that physically performs the necessary cutting and dicing. Indeed, the sale of medical robots is increasing at a rate of 20 percent per year.

But while the advantages are clear, the disadvantages have been less well explored. Telesurgery relies on cutting edge technologies in fields as diverse as computing, robotics, communications, ergonomics, and so on. And anybody familiar with these areas will tell you that they are far from failsafe.

Today, Tamara Bonaci and pals at the University of Washington in Seattle examine the special pitfalls associated with the communications technology involved in telesurgery. In particular, they show how a malicious attacker can disrupt the behavior of a telerobot during surgery and even take over such a robot, the first time a medical robot has been hacked in this way.

The first telesurgery took place in 2001 with a surgeon in New York successfully removing the gall bladder of a patient in Strasbourg in France, more than 6,000 kilometers away. The communications ran over a dedicated fiber provided by a telecommunications company specifically for the operation.

That’s an expensive option since dedicated fibers can cost tens of thousands of dollars.

Since then, surgeons have carried out numerous remote operations and begun to experiment with ordinary communications links over the Internet, which are significantly cheaper.

Although there are no recorded incidents in which the communications infrastructure has caused problems during a telesurgery operation, there are still questions over security and privacy which have never been full answered.

So Bonaci and co set out to explore some of these questions using a telesurgery robot called Raven II, which was developed at the University of Washington. Raven II is designed with the goal of dramatically reducing the size of these robots while improving their durability so that they can be used in extreme environments.

The robot consists of two surgical arms that are manipulated by a surgeon using a state-of-the-art control console which includes video and haptic feedback.

The robot itself runs on a single PC running software based on open standards, such as Linux and the Robot Operating System. It communicates with the control console using a standard communications protocol for remote surgery known as the Interoperable Telesurgery Protocol.

This communication takes place over public networks that are potentially accessible to anyone. And because the robot is designed to work in extreme conditions, this communications link can be a low-quality connection to the internet, perhaps even over wireless.

And therein lies the risk. “Due to the open and uncontrollable nature of communication networks, it becomes easy for malicious entities to jam, disrupt, or take over the communication between a robot and a surgeon,” say Bonaci and co.

So that’s exactly what they tried to do. Bonaci and co have attempted various types of cyberattack on the robot to see how easy it is to disrupt.

Their experiment is relatively straightforward. Instead of a real operation, the operator has the task of moving rubber blocks from one part of a peg board to another. The team then measures how quickly the operator can complete this task during an attack and how difficult various operators rate the task.

The control console connects to the robot over a standard network, which the attacking computer is also linked to. This set up allows the attacking computer to intercept and manipulate the signals sent in both directions between the control console and the robot.

The team tries out three type of attacks. The first changes the commands sent by the operator to the robot by deleting, delaying or re-ordering them. This causes the robot’s movement to become jerky and difficult to control.

The second type of attack modifies the intention of signals from the operator to the robot by changing, say, the distance an arm should move or the degree it should rotate and so on. “Most of these attacks had a noticeable impact on the Raven immediately upon launch,” say Bonaci and co.

The final category of attack is a hijacking that completely takes over the robot. This turns out to be relatively easy since the Interoperable Telesurgery Protocol is publicly available. “We effectively took control over the teleoperated procedure,” they say.

They even worked out how to generate movements that triggered an automatic stop mechanism built in to the robot. This occurs when a movement takes the arms beyond some predefined distance or makes them move too quickly.

By constantly sending commands that triggered this mechanism, the team were able to carry out a kind of denial of service attack. “We are able to easily stop the robot from ever being properly reset, thus effectively making a surgical procedure impossible,” they say.

And if this kind of cyberattack weren’t bad enough, the video connection was also publicly available allowing almost anybody to watch the operation in real time.

It’s not hard to imagine how cyberattacks of this kind could have lethal consequences. Even the denial of service attack at a crucial point during a surgical procedure could be fatal.

Having seen how effective these kinds of cyberattacks can be, Bonaci and co also suggest ways to prevent them. The most obvious is to encrypt the communications between the control console and the robot.

They even tested this idea and said the robot performed as expected. “The use of encryption and authentication has low cost and high benefits to telerobotic surgery, mitigating many analyzed attacks,” they conclude.

However, encryption cannot foil every kind of attack. In particular, it still allows man-in-the-middle attacks where an eavesdropper intercepts signals in both directions while fooling both parties that they are still talking to each other.

And video encryption probably isn’t practical over the kind of network links envisaged for remote surgery in extreme locations. That may not be a security concern but it does raise important issues of privacy.  

That’s interesting work that has profound implications not only for the way telesurgery will be performed but on the way the public perceive the safety and privacy of these systems.

Telesurgery operators will have to take a view on how secure their equipment will need to be. And policy makers and the public will have to reach their own conclusions of what kind of security and privacy is acceptable. Either way, the cat and mouse game of cybersecurity will continue

Ref: : To Make a Robot Secure: An Experimental Analysis of Cyber Security Threats Against Teleoperated Surgical Robotics

Keep Reading

Most Popular

DeepMind’s cofounder: Generative AI is just a phase. What’s next is interactive AI.

“This is a profound moment in the history of technology,” says Mustafa Suleyman.

What to know about this autumn’s covid vaccines

New variants will pose a challenge, but early signs suggest the shots will still boost antibody responses.

Human-plus-AI solutions mitigate security threats

With the right human oversight, emerging technologies like artificial intelligence can help keep business and customer data secure

Next slide, please: A brief history of the corporate presentation

From million-dollar slide shows to Steve Jobs’s introduction of the iPhone, a bit of show business never hurt plain old business.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.