A Patch Against JekyllBot:5 Stops Hospital Robots From Going Mr. Hyde
Today’s terrifying news about lousy security comes from a hospital near you, who you can only hope paid attention to the notice from Aethon that a security update needs to be applied immediately. Aethon supplies autonomous hospital robots which can be used to transport critical supplies to various parts of a hospital, capable of navigating the hallways and using elevators as well as keeping track of which supplies are needed for which patients.
It seems security was more than a little lax on these autonomous robots as researchers discovered “five bugs, collectively called JekyllBot:5, required no special privileges or user interaction” in order to gain significant access. It is not just that there was no protection against interference either, some of these vulnerabilities could be triggered remotely over the web. Aethon have released patches for these flaws; one hopes they are quickly applied and that there are not more lurking behind the scenes.
The flaws included not just the ability for attackers to access user credentials and medical records, but to deliver incorrect medications or even fail to deliver them completely. Thanks to it’s ability to use cameras to traverse the hallways attackers could use this to remotely surveil those same hospital, or use it’s control over elevators to lock them out.
Let’s hope this security lesson makes an impact, as it is not the first time vulnerabilities in automation have seriously endangered hospital patients.