Tech evangelists regularly preach the merits of a smarter, more connected world. A thermostat that anticipates our desired temperature! Self-driving cars! But an increasingly connected-to-the-internet world is also an increasingly vulnerable one. Especially when the things connected to the internet happen to be operating on live, human bodies.
Researchers at the University of Washington just published a set of experiments in which they successfully hacked a surgical robot.
This kind of proxy robot doctor could be operated in tricky circumstances (rescue scenarios, war zones) by human doctors remotely, but that connection also leaves it open to attack. The researchers didn't even have to do anything fancy. They used common hacking tactics to make the bot jerk, slip up, and freeze.
This isn't the first time the University of Washington has conducted such an experiment. The computer science department—particularly the work of Tadayoshi Kohno—has unearthed flaws in embedded medical devices, electronic voting machines, and smart cars. (Check out his PBS profile here.) The school has "a long history of showing that interesting, cutting-edge hardware is vulnerable in some sense," Ryan Calo, a co-author on one of the robotics papers, said.
The purpose of pointing out faults, of course, is to make sure the technology gets an upgraded security system before it goes on the market. But sometimes that can be difficult when a generation of entrepreneurs has already snorted the innovation Kool Aid. "[Security can be] a hard thing to expect when often this innovation bubbles up from small startups and other quarters," Calo said. "Security is unfortunately sometimes an afterthought."
But the UW researchers also proposed a fascinating way to make sure the robots stay connected to the right medical professionals on the other side. Calo, explaining the work of his colleague Tamara Bonaci, frames it like this: Say you have a forged signature and an authentic one. You can't tell them apart. The only way in which the two signatures differ is how they were drawn, the process. If robot surgeons could only be unlocked by the unique, signature process of their doctors—the way in which those doctors operate—they'd be incredibly difficult to hack.
Regulators, however, don't always establish the more secure standards. The Food and Drug Administration greenlit robotic surgery relatively quickly, Calo said, because the people who made the robots compared the new technology to laparoscopic surgery, where the doctor is in the same room and uses extensions like actuators and video camera. But laparoscopic surgery is very different from remotely ordering a robot to cut someone open, so relying on old comparisons isn't necessarily the safest bet. In an article published last year, Calo cited that as one reason to create a techno-futurist regulatory safeguard: an independent federal robotics commission to oversee this section of the innovation economy.