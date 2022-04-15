Robots in hospitals perform tasks of all kinds. From access management to taking pictures, through delicate operations, they are present in all sectors, which is why it is important that they have highly advanced security systems, to avoid problems at key moments that can cost people’s lives.

Now it has been the provider Aethon that has detected and repaired five critical vulnerabilities in hospital robots used to deliver medical supplies, making it clear that they are not free from these problems.

In the past we saw how hospital equipment could be infected by ransomware, hijacked computers that prevented the treatment of patients, but in addition to the software vulnerabilities of a computer, we have to include problems that prevent the operation of a pacemaker, for example.

It is important that medical devices comply with adequate security measures, and for this it is necessary to know where they can fail.

Aethon’s mobile robots are autonomous devices used by hundreds of hospitals to perform basic, repetitive tasks such as delivering medication, cleaning, delivering linens…all at just over 1 mph.

In the case of the Aethon TUG robots, there were five vulnerabilities found that allow attackers to control the activities of a robot, including taking pictures, spying on its cameras, accessing patient records, blocking the delivery of medicines and plus. They could even take control of the robot and crash it into people or objects.

Among the vulnerabilities they saw missing authorization checks, allowing unauthenticated attackers to add or modify existing user accounts, as well as failed verification of end users, allowing attackers to access the TUG base server and take control of connected robots

The cybersecurity company Cynerio said that several hospitals had such robots connected to the Internet, and that they could be controlled remotely in the Cynerio Live research laboratory.

It is important to note that Cynerio worked with Aethon to develop suitable patches and the latest version of the TUG firmware contains fixes. The issue is… How many robots do not receive this type of audit and are full of this type of problem?