“Mobile robot maker Aethon has fixed a series of vulnerabilities in its Tug hospital robots that, if exploited, could allow a cybercriminal to remotely control thousands of medical machines.”
I pulled that quote from an article written by Jessica Lyons Hardcastle titled CVSS 9.8 flaws are not what you want in a hospital robot. (If you would like to read the full article, the link will be at the bottom of this page.)
Robots and automation are all the rage these days it seems. How fast can we get it done? How cheap can it be done for? Robots won’t complain, robots don’t need breaks, robots are the way of the future. I guess I’ll have to be the contrarian and take the controversial stance that maybe humans should slow their roll with all the automation, for a myriad of reasons with none being more important than cybersecurity.
Sure, humanity has been known to have a few bad apples in history, but those issues seem to have a way of working themselves out. The differentiating factor here would be it only takes one bad apple of a human to take advantage of one vulnerability in the cyber make-up of the robot to shut down thousands of hospitals potentially. Luckily, Aethon had fixed these gaps within the system before someone externally figured it out.
"If attackers were able to exploit JekyllBot:5, they could have completely taken over system control, gained access to real-time camera feeds and device data, and wreaked havoc and destruction at hospitals using the robots," said Asher Brass, lead researcher on the JekyllBot:5 vulnerabilities and head of cyber network analysis at Cynerio.
You can take this as an interesting story, or you can take it as a metaphor for your own company. Get introspective and think about where there are potential vulnerabilities in your systems. People often think of cybersecurity as an afterthought or a privilege they can’t yet afford. In reality, you should probably think of it more like car insurance, budget it into your expenses, and utilize it when you need to. If you think a vulnerability assessment or a penetration test is too expensive, then you better be sitting down when you find out much a cybersecurity breach will likely cost you.
Don’t wait for the Skynet to take over, don’t wait for John Connor to start Tec-Com to help you, don’t let the Terminators have their way. Protect yourself and protect your data.
If you’re interested in the near miss with Skynet we’ve already seen, the article can be read here