Hacking Medical Robots


Raven II

Security researchers Tamara Bonaci, Jeffrey Herron, Tariq Yusuf , Junjie Yan, Tadayoshi Kohno, Howard Jay Chizeck at the University of Washington investigated the security of a Raven II surgical teleoperation robots and discovered flaws that could allow an attacker to take control over the remote operating robot. Their findings are published in a recent paper, To Make a Robot Secure: An Experimental Analysis of Cyber Security Threats Against Teleoperated Surgical Robots available on arXiv.

Teleoperated surgical robots are currently used in situations where the surgeon is still present in the operating room, typically in an adjoining control room. However future applications involve teleoperation of robots in remote and dangerous environments such as disaster relief and military combat or even via a drone or UAV. In these scenarios interference with a teleoperated robot might lead to harm or even death of the patient.

The robot examined in this report is the Raven II which is an open teleoperated surgical platform developed by UCLA’s Bionics LabThe Raven II is a second-generation surgical robotics research platform and one of a family of surgical robotics platforms developed and tested by the UCLA lab. 

While the attacks described in this paper are vulnerabilities of the Raven II system specifically, the general type of attack must be addressed for any teleoperated surgical robotic system. The researchers report that the “injection attacks we demonstrated were successful due to the fact that valid packets were accepted by the robot from any source.”  The researchers conclude this was “almost certainly a development oversight” and “easy to fix”. However they also stress that developers consider the problem of how to protect  robotics platforms against a more sophisticated packet spoofing attack where both source IP and port information are spoofed.

In this report, the UoW researchers used a computer they controlled,  assuming a role of network intermediary, an attack known as a “man-in-the-middle attack”. The researchers used a UDP proxy written in Python and a standard available library Scapy (for packet interpretation and modification).


Raven IV

This threat is not just restricted to the Raven II however. For example, the Raven IV is another robotics platform is that was developed at the University of California – Santa Cruz. Raven IV includes four robotic arms and two cameras and is designed to facilitate a collaborative operations where surgeons are interacting with the surgical site remotely. The Raven IV architecture further allows two surgeons in two remote locations, and importantly Raven IV works by allowing the surgeons to “connect via commercially available internet connection”. Raven IV employs a UDP protocol similar to that found to be vulnerable in the Raven II.

The UDP protocol is a connectionless transmission model with a light protocol. Importantly UDP has no handshaking and thus UDP exposes any fundamental unreliability of the underlying network to the programmer. Specifically, with UDP, there is no guarantee of delivery, message delivery ordering can vary, and there is no protection against duplicate message deliveries. The user must implement these structures themselves if necessary or applications must be able to deal with the resulting uncertain and redundant delivery of data. UDP does provide checksums for data integrity and includes port numbers for addressing different functions at the source and destination servers.

UDP is commonly used in situations where it is necessary to get an answer to another server as rapidly as possible or if you are delivering data that will be overwritten with new data. Examples include real time sensor or weather data, video and audio streaming applications, real-time stock quotation services, and large scale networked gaming and military simulations. But the simplicity of UDP also makes it vulnerable to some forms of attack. UDP based systems can be secured and need not always be less secure than a TCP based system. It depends.

Surgical robotics designers should consider realistic attack scenarios as part of their fundamental system designs and architectures. Security and reliability go hand in hand, and hackers and cybercriminals are increasingly targeting medical systems and hospital networks. While these attacks are presently related to obtaining personal and private data, we can imagine a future cybercriminal launching ransomware attacks on surgical robots during live surgeries. Victims would have to pay or die, and attackers could launch such attacks remotely from a distant location.


Dr. Mika Sinanan (UW – Dept. of Surgery) and Dr.Thomas Lendvay (UW & Childrens’ Hospital – Pediatric Urology) collaboratively teleoperating Raven IV located at the Bionicas Lab at UCSC (Santa Cruz, CA) from the UW in Seattle WA.