Kaspersky Lab experts investigating the experimental cloud infrastructure for advanced bionic prostheses have identified several previously unknown security issues that could enable a third party to access, manipulate, steal or even delete the private data and more of device users. The findings were shared with the manufacturer Motorica, a Russian high-technology start-up that develops bionic upper limb prostheses to assist people with disabilities, enabling them to address the security issues.

 

The Internet of Things is no longer just about connected smart watches or smart homes, but about advanced, complex, increasingly automated ecosystems. These include connected healthcare cyber technologies. In the future, such technologies could shift away from being purely support devices to becoming mainstream and used by consumers keen to extend the capabilities of the ordinary human body through a process of cybernetization. It is therefore important that any security risks that could potentially be exploited by attackers are minimized by investigating and addressing security issues in current products and their supporting infrastructure.

 

Kaspersky Lab ICS CERT researchers, in partnership with Motorica, have undertaken a cybersecurity assessment of a test software solution for a digital prosthetic hand developed by the Russian start-up. The solution itself is a remote cloud system, an interface for monitoring the status of all registered biomechanical devices. It also gives other developers an existing toolset for analysis of the technical condition of devices like smart wheelchairs, artificial hands and feet.

 

The initial research identified several security issues. These include insecure http connection, incorrect account operations and insufficient input validation. When in use, the prosthetic hand transmits data to the cloud system. Due to the security gaps, an attacker could:

 

  • Gain access to information held in the cloud about all the connected accounts (including logins and passwords in plaintext for all the prosthetic devices and their administrators)

 

  • Manipulate, add or delete such information

 

  • Add or delete their own regular and privileged users (with administrator rights)

 

 

 

“Motorica is a high-technology, trusted and socially responsible company, focused on addressing the challenges faced by people with physical impairment. As the company prepares for growth, we wanted to help it ensure the right security measures were in place. The results of our analysis are a good reminder that security needs to be built in to new technologies from the very start. We hope that other developers of advanced connected devices will want to collaborate with the security industry to understand and address device and system security issues and treat the security of devices as an integral and essential part of development,” said Vladimir Dashchenko, Security Researcher at Kaspersky Lab ICS CERT.

 

“New technologies are bringing us to a new world in terms of bionic assisting devices. It is now of crucial importance for the developers of such technologies to collaborate with cyber security solution vendors. That will allow us to make even theoretical cases of attacks on the human body impossible,” noted Ilya Chekh, CEO at Motorica.

 

To keep the devices safe, we advise that companies:

 

  • Check out threat models and vulnerability classifications for the relevant web-based and IoT technologies, provided by industry experts, such as OWASP IoT Project.

 

  • Introduce secure software development practices based on the proper lifecycle. To evaluate existing software security practices use a systematic approach — for example, OWASP OpenSAMM.

 

  • Establish a procedure for obtaining information on relevant threats and vulnerabilities to ensure proper and timely response to any incidents.

 

  • Regularly update operating systems, application and device software and security solutions.

 

  • Implement cybersecurity solutions designed to analyze network traffic, detect and prevent network attacks – at the boundary of the enterprise network and at the boundary of the OT network.

 

  • Use a protection solution with machine learning anomaly detection (MLAD) technology to reveal deviations in IoT devices’ behavior — for early detection of attack, failure or damage of the device.

 

 

Read the full version of the report on the Securelist website.

 

While bionic technologies are developing, it is important to explore what kind of security issues they may contain to solve them properly. For better understanding on what the future can bring us, Kaspesky Lab hosts the Earth 2050 website with collection of futuristic forecasts.

 


RECOMMENDED ARTICLE FOR TECHWORLD


 
Tier One Closes a 7-Figure Foreign Investment to Strengthen Its Presence in South East Asia
Techworld Date Posted: 14 September 2018 3:14 PM | 912 Views
The past few years have seen a widespread boom in the confidence that companies have for esports. Even owners of NBA franchises see the potential that the esports industry has, and have invested heavily.... See More
 
Tier One Closes a 7-Figure Foreign Investment to Strengthen Its Presence in South East Asia
Techworld Date Posted: 3:14 PM | 912 Views
The past few years have seen a widespread boom in the confidence that companies have for esports. Even owners of NBA franchises see the potential that the esports industry has, and have invested heavily...See More

 
SAP Names Scott Russell President of SAP Asia Pacific Japan
Techworld Date Posted: 20 July 2017 2:31 PM | 230 Views
SAP SE (NYSE: SAP) today announced that Scott Russell has been appointed president of SAP Asia Pacific Japan (APJ). In his new role, Scott will be responsible for growing SAP’s business and presence in.... See More
 
SAP Names Scott Russell President of SAP Asia Pacific Japan
Techworld Date Posted: 2:31 PM | 230 Views
SAP SE (NYSE: SAP) today announced that Scott Russell has been appointed president of SAP Asia Pacific Japan (APJ). In his new role, Scott will be responsible for growing SAP’s business and presence in...See More

 
CYBER HYGIENE 101: Kaspersky Lab Underscores Securing Digital Assets Like Physical Valuables
Techworld Date Posted: 5 October 2018 5:23 PM | 320 Views
With the undeniable dependency of humans to their connected devices, amid the steadily increasing number of attacks and the whopping costs of successful data breaches, Kaspersky Lab recently stressed the need for improved cyber.... See More
 
CYBER HYGIENE 101: Kaspersky Lab Underscores Securing Digital Assets Like Physical Valuables
Techworld Date Posted: 5:23 PM | 320 Views
With the undeniable dependency of humans to their connected devices, amid the steadily increasing number of attacks and the whopping costs of successful data breaches, Kaspersky Lab recently stressed the need for improved cyber...See More

 
HMD Introduces Five New Nokia Phones
Techworld Date Posted: 27 February 2018 4:42 PM | 286 Views
HMD Global, the home of Nokia phones, announced four new additions to its award-winning portfolio of Android smartphones – Nokia 8 Sirocco, Nokia 7 Plus, new Nokia 6 and Nokia 1.. See More
 
HMD Introduces Five New Nokia Phones
Techworld Date Posted: 4:42 PM | 286 Views
HMD Global, the home of Nokia phones, announced four new additions to its award-winning portfolio of Android smartphones – Nokia 8 Sirocco, Nokia 7 Plus, new Nokia 6 and Nokia 1.See More

 
PLDT Offers Lowest Call Rate to All Networks
Techworld Date Posted: 12 April 2017 2:25 PM | 302 Views
Leading telecoms and digital services provider, PLDT, introduces its lowest call plan offer, the All Net Fam Call 299, starting April. The All Net Fam Call 299 allows subscribers to make 100 minutes of landline.... See More
 
PLDT Offers Lowest Call Rate to All Networks
Techworld Date Posted: 2:25 PM | 302 Views
Leading telecoms and digital services provider, PLDT, introduces its lowest call plan offer, the All Net Fam Call 299, starting April. The All Net Fam Call 299 allows subscribers to make 100 minutes of landline...See More

 
GPU Powered: 7 Startups You Won’t Want to Miss at GTC
Techworld Date Posted: 27 February 2019 1:27 PM | 74 Views
Cargo ships that can self-navigate. A massive marketplace for AI-authenticated collectible sneakers. Professional translation at 5x speed.. See More
 
GPU Powered: 7 Startups You Won’t Want to Miss at GTC
Techworld Date Posted: 1:27 PM | 74 Views
Cargo ships that can self-navigate. A massive marketplace for AI-authenticated collectible sneakers. Professional translation at 5x speed.See More

 
Lian Li Announces Thanksgiving Build Contest in Partnership with Der8auer, ASUS and ADATA
Techworld Date Posted: 12 November 2018 4:54 PM | 276 Views
Lian Li Industrial Co. Ltd., the world’s leading manufacturer of aluminum chassis for enthusiasts, custom OEM/ODM case solutions, and case accessories is thrilled to invite all owners of Lian Li O11 Dynamic and O11.... See More
 
Lian Li Announces Thanksgiving Build Contest in Partnership with Der8auer, ASUS and ADATA
Techworld Date Posted: 4:54 PM | 276 Views
Lian Li Industrial Co. Ltd., the world’s leading manufacturer of aluminum chassis for enthusiasts, custom OEM/ODM case solutions, and case accessories is thrilled to invite all owners of Lian Li O11 Dynamic and O11...See More

 
Millennial Idols Mayward Share How You Can Use Your FREE 10GB from PLDT Home Prepaid Wifi Wisely
Techworld Date Posted: 2 April 2019 3:51 PM | 46 Views
Fast-rising celebrities Maymay Entrata and Edward Barber a.k.a. MayWard are back with a new video for PLDT Home Prepaid WiFi’s Techie Hacks series. . See More
 
Millennial Idols Mayward Share How You Can Use Your FREE 10GB from PLDT Home Prepaid Wifi Wisely
Techworld Date Posted: 3:51 PM | 46 Views
Fast-rising celebrities Maymay Entrata and Edward Barber a.k.a. MayWard are back with a new video for PLDT Home Prepaid WiFi’s Techie Hacks series. See More

 
Moto Mods Bring Sunshine on Rainy Days
Techworld Date Posted: 23 August 2017 11:46 AM | 292 Views
Stormy weather, with its dark clouds and downcast character, can dampen anyone's mood. Having to stay indoors due to heavy rains is a downer, particularly for young, adventurous millennials who thrive by socializing with.... See More
 
Moto Mods Bring Sunshine on Rainy Days
Techworld Date Posted: 11:46 AM | 292 Views
Stormy weather, with its dark clouds and downcast character, can dampen anyone's mood. Having to stay indoors due to heavy rains is a downer, particularly for young, adventurous millennials who thrive by socializing with...See More

 
SAP Supports Customers in Southeast Asia on Their Intelligent Enterprise Journey
Techworld Date Posted: 12 November 2018 5:01 PM | 200 Views
SAP SE (NYSE: SAP) showcased customers in Southeast Asia who have embarked on a journey towards becoming an Intelligent Enterprise. The economic stimulus in Southeast Asia continues to grow, resulting in the expansion of.... See More
 
SAP Supports Customers in Southeast Asia on Their Intelligent Enterprise Journey
Techworld Date Posted: 5:01 PM | 200 Views
SAP SE (NYSE: SAP) showcased customers in Southeast Asia who have embarked on a journey towards becoming an Intelligent Enterprise. The economic stimulus in Southeast Asia continues to grow, resulting in the expansion of...See More


Power by

Download Free AZ | Free Wordpress Themes