Kaspersky Lab experts investigating the experimental cloud infrastructure for advanced bionic prostheses have identified several previously unknown security issues that could enable a third party to access, manipulate, steal or even delete the private data and more of device users. The findings were shared with the manufacturer Motorica, a Russian high-technology start-up that develops bionic upper limb prostheses to assist people with disabilities, enabling them to address the security issues.

 

The Internet of Things is no longer just about connected smart watches or smart homes, but about advanced, complex, increasingly automated ecosystems. These include connected healthcare cyber technologies. In the future, such technologies could shift away from being purely support devices to becoming mainstream and used by consumers keen to extend the capabilities of the ordinary human body through a process of cybernetization. It is therefore important that any security risks that could potentially be exploited by attackers are minimized by investigating and addressing security issues in current products and their supporting infrastructure.

 

Kaspersky Lab ICS CERT researchers, in partnership with Motorica, have undertaken a cybersecurity assessment of a test software solution for a digital prosthetic hand developed by the Russian start-up. The solution itself is a remote cloud system, an interface for monitoring the status of all registered biomechanical devices. It also gives other developers an existing toolset for analysis of the technical condition of devices like smart wheelchairs, artificial hands and feet.

 

The initial research identified several security issues. These include insecure http connection, incorrect account operations and insufficient input validation. When in use, the prosthetic hand transmits data to the cloud system. Due to the security gaps, an attacker could:

 

  • Gain access to information held in the cloud about all the connected accounts (including logins and passwords in plaintext for all the prosthetic devices and their administrators)

 

  • Manipulate, add or delete such information

 

  • Add or delete their own regular and privileged users (with administrator rights)

 

 

 

“Motorica is a high-technology, trusted and socially responsible company, focused on addressing the challenges faced by people with physical impairment. As the company prepares for growth, we wanted to help it ensure the right security measures were in place. The results of our analysis are a good reminder that security needs to be built in to new technologies from the very start. We hope that other developers of advanced connected devices will want to collaborate with the security industry to understand and address device and system security issues and treat the security of devices as an integral and essential part of development,” said Vladimir Dashchenko, Security Researcher at Kaspersky Lab ICS CERT.

 

“New technologies are bringing us to a new world in terms of bionic assisting devices. It is now of crucial importance for the developers of such technologies to collaborate with cyber security solution vendors. That will allow us to make even theoretical cases of attacks on the human body impossible,” noted Ilya Chekh, CEO at Motorica.

 

To keep the devices safe, we advise that companies:

 

  • Check out threat models and vulnerability classifications for the relevant web-based and IoT technologies, provided by industry experts, such as OWASP IoT Project.

 

  • Introduce secure software development practices based on the proper lifecycle. To evaluate existing software security practices use a systematic approach — for example, OWASP OpenSAMM.

 

  • Establish a procedure for obtaining information on relevant threats and vulnerabilities to ensure proper and timely response to any incidents.

 

  • Regularly update operating systems, application and device software and security solutions.

 

  • Implement cybersecurity solutions designed to analyze network traffic, detect and prevent network attacks – at the boundary of the enterprise network and at the boundary of the OT network.

 

  • Use a protection solution with machine learning anomaly detection (MLAD) technology to reveal deviations in IoT devices’ behavior — for early detection of attack, failure or damage of the device.

 

 

Read the full version of the report on the Securelist website.

 

While bionic technologies are developing, it is important to explore what kind of security issues they may contain to solve them properly. For better understanding on what the future can bring us, Kaspesky Lab hosts the Earth 2050 website with collection of futuristic forecasts.

 


RECOMMENDED ARTICLE FOR TECHWORLD


 
IDC MarketScape Recognizes SAP S/4HANA Cloud as a Leader in Global SaaS and Cloud-Enabled Operational ERP Systems
Techworld Date Posted: 10 May 2019 11:44 AM | 1 Views
SAP SE (NYSE: SAP) announced it has been named a Leader in “IDC MarketScape: Worldwide SaaS and Cloud-Enabled Operational ERP Applications 2019 Vendor Assessment.”. See More
 
IDC MarketScape Recognizes SAP S/4HANA Cloud as a Leader in Global SaaS and Cloud-Enabled Operational ERP Systems
Techworld Date Posted: 11:44 AM | 1 Views
SAP SE (NYSE: SAP) announced it has been named a Leader in “IDC MarketScape: Worldwide SaaS and Cloud-Enabled Operational ERP Applications 2019 Vendor Assessment.”See More

 
Smart Reimagines Postpaid Experience with New Signature Plans
Techworld Date Posted: 21 May 2019 8:32 AM | 0 Views
PLDT mobile services arm Smart Communications is ushering in a reimagined postpaid experience that puts customers first as it launches the new Signature Plans.. See More
 
Smart Reimagines Postpaid Experience with New Signature Plans
Techworld Date Posted: 8:32 AM | 0 Views
PLDT mobile services arm Smart Communications is ushering in a reimagined postpaid experience that puts customers first as it launches the new Signature Plans.See More

 
Clean Machines: Startup’s Bots Sweep Up Corporate Campuses
Techworld Date Posted: 4 March 2019 3:49 PM | 119 Views
Gregg Ratanaphanyarat and Dawei Ding joined the ranks of college dropouts in 2016, leaving Penn State to launch a robotics startup for outdoor cleaning.. See More
 
Clean Machines: Startup’s Bots Sweep Up Corporate Campuses
Techworld Date Posted: 3:49 PM | 119 Views
Gregg Ratanaphanyarat and Dawei Ding joined the ranks of college dropouts in 2016, leaving Penn State to launch a robotics startup for outdoor cleaning.See More

 
Latest Nokia Smartphones Now in the Android Recommended Programme
Techworld Date Posted: 25 May 2019 5:10 PM | 0 Views
HMD Global, the home of Nokia phones, has announced that it now offers the largest and most-diverse range of “best-in-business” smartphones on Android™ with the addition of three new devices. The Nokia 9 PureView,.... See More
 
Latest Nokia Smartphones Now in the Android Recommended Programme
Techworld Date Posted: 5:10 PM | 0 Views
HMD Global, the home of Nokia phones, has announced that it now offers the largest and most-diverse range of “best-in-business” smartphones on Android™ with the addition of three new devices. The Nokia 9 PureView,...See More

 
AOC Teams Up with 20th Century Fox for the Exclusive Screening of Kingsman: The Golden Circle
Techworld Date Posted: 25 September 2017 11:37 AM | 294 Views
AOC has partnered with no less than 20th Century Fox for the advanced screening of the much awaited, "Kingsman: The Golden Circle" and arranged a special dinner and programme for the members of the.... See More
 
AOC Teams Up with 20th Century Fox for the Exclusive Screening of Kingsman: The Golden Circle
Techworld Date Posted: 11:37 AM | 294 Views
AOC has partnered with no less than 20th Century Fox for the advanced screening of the much awaited, "Kingsman: The Golden Circle" and arranged a special dinner and programme for the members of the...See More

 
MSI GAMING PH ANNOUNCES OFFICIAL LAUNCH OF NEW CONCEPT STORE
Techworld Date Posted: 10 November 2017 10:36 AM | 343 Views
Micro-star International (MSI), the world’s best-selling gaming laptop brand, will be having a grand launching celebration of their newest MSI Concept Store on November 16, 2017.. See More
 
MSI GAMING PH ANNOUNCES OFFICIAL LAUNCH OF NEW CONCEPT STORE
Techworld Date Posted: 10:36 AM | 343 Views
Micro-star International (MSI), the world’s best-selling gaming laptop brand, will be having a grand launching celebration of their newest MSI Concept Store on November 16, 2017.See More

 
The Rise of Thingbots in the Philippines
Techworld Date Posted: 26 October 2017 1:06 PM | 527 Views
Thingbots, botnets built exclusively from IoT devices, are set to become the infrastructure for a future darknet. This is one of the key findings of F5 Networks’s latest report,. See More
 
The Rise of Thingbots in the Philippines
Techworld Date Posted: 1:06 PM | 527 Views
Thingbots, botnets built exclusively from IoT devices, are set to become the infrastructure for a future darknet. This is one of the key findings of F5 Networks’s latest report,See More

 
PH Faces Increasing App-Driven Attacks
Techworld Date Posted: 7 September 2017 1:56 PM | 461 Views
MANILA, PHILIPPINES - The attack surface created by app-driven transformation is expanding rapidly, with 72 percent of the total number of attacks focused on user identities and applications, the gateway to personal data. This.... See More
 
PH Faces Increasing App-Driven Attacks
Techworld Date Posted: 1:56 PM | 461 Views
MANILA, PHILIPPINES - The attack surface created by app-driven transformation is expanding rapidly, with 72 percent of the total number of attacks focused on user identities and applications, the gateway to personal data. This...See More

 
Phantom 4 Advanced vs Phantom 4 Pro: 4 Differences You Need to Know
Techworld Date Posted: 24 August 2017 9:41 AM | 309 Views
DJI's most recent release, the Phantom 4 Advanced, is a slightly altered version of the Phantom 4 Pro unit which came out late last year. Its titanium and magnesium alloy makes the aircraft more durable.... See More
 
Phantom 4 Advanced vs Phantom 4 Pro: 4 Differences You Need to Know
Techworld Date Posted: 9:41 AM | 309 Views
DJI's most recent release, the Phantom 4 Advanced, is a slightly altered version of the Phantom 4 Pro unit which came out late last year. Its titanium and magnesium alloy makes the aircraft more durable...See More

 
Globe Telecom Signs Multi-Year Intelligent Operations Deal with Amdocs for Continuous Enhancement of Services and Operations
Techworld Date Posted: 1 March 2018 2:38 PM | 569 Views
Amdocs, (NASDAQ: DOX), a leading provider of software and services to communications and media companies, today announced that it has signed a multi-year services contract with Globe Telecom, one of the Philippines’ largest telecommunications.... See More
 
Globe Telecom Signs Multi-Year Intelligent Operations Deal with Amdocs for Continuous Enhancement of Services and Operations
Techworld Date Posted: 2:38 PM | 569 Views
Amdocs, (NASDAQ: DOX), a leading provider of software and services to communications and media companies, today announced that it has signed a multi-year services contract with Globe Telecom, one of the Philippines’ largest telecommunications...See More


Power by

Download Free AZ | Free Wordpress Themes