Prosthetic limbs could become hacker target
Kaspersky Lab working with cybernetic limb startup to ensure security is built in
Smart prosthetic limbs could become a target for hackers, if security is not built in to such devices, according to Kaspersky Lab.
Initial research by Kaspersky with a startup that makes cybernetic limbs has uncovered potential security issues with cloud connections which could allow hackers to steal data about devices and create their own admin access.
Motorica is a Russian startup which creates digital prosthetic hands. Along with the prostheses, the company also has a cloud-based solution for testing digital limbs, which monitors the status of all registered biomechanical devices.
Kaspersky Lab worked with Motorica to analyse the platform, and found that it had a number of vulnerabilities including insecure http connection, incorrect account operations and insufficient input validation. When in use, the prosthetic hand transmits data to the cloud system.
Due to the security gaps, an attacker could potentially gain access to all the data held in the cloud, including account data, logins and passwords for all prosthetic devices and their administrators; manipulate, add or delete such information; and add or delete their own regular and privileged users with administrator rights.
Motorica makes the platform available to other other developers to utilise as a toolset for analysis of the technical condition of devices like smart wheelchairs, artificial hands and feet, so securing the platform is especially important.
"Motorica is a high-technology, trusted and socially responsible company, focused on addressing the challenges faced by people with physical impairment. As the company prepares for growth, we wanted to help it ensure the right security measures were in place," said Vladimir Dashchenko, security researcher at Kaspersky Lab ICS CERT.
"The results of our analysis are a good reminder that security needs to be built in to new technologies from the very start. We hope that other developers of advanced connected devices will want to collaborate with the security industry to understand and address device and system security issues and treat the security of devices as an integral and essential part of development."
"New technologies are bringing us to a new world in terms of bionic assisting devices. It is now of crucial importance for the developers of such technologies to collaborate with cyber security solution vendors. That will allow us to make even theoretical cases of attacks on the human body impossible," noted Ilya Chekh, CEO at Motorica.