Five critical bugs fixed in hospital robot control system – Naked Security

Researchers at healthcare cybersecurity company Cynerio just published a report about five cybersecurity holes they found in a hospital robot system called TUG.

TUGs are pretty much robot cabinets or platforms on wheels, apparently capable of carrying up to 600kg and rolling along at just under 3km / hr (a slow walk).

They’re apparently available in both hospital variants (eg for transporting medicines in locked drawers on ward rounds) and hospitality variants (eg transporting crockery and crumpets to the conservatory).

During what we’re assuming was a combined penetration test / security assessment job, the Cynerio researchers were able to sniff out traffic to and from the robots in use, track the network exchanges back to a web portal running on the hospital network, and from there to uncover five non-trivial security flaws in the backend web servers used to control the hospital’s robot underlords.

In a media-savvy and how-we-wish-people-wouldn’t-do-this-but-they-do PR gesture, the researchers dubbed their bugs The JekyllBot Fivedramatically stylized JekyllBot: 5 for short.

Despite the unhinged, psychokiller overtones of the name “Jekyllbot”, however, the bugs do not have anything to do with AI gone amuck or a robot revolution.

The researchers also duly noted in their report that, at the hospital where they were investigating with permission, the robot control portal was not directly visible from the internet, so a would-be attacker would have already needed an internal foothold to abuse any of the bugs they found.

Related posts


Latest posts

Senators Urge FTC to Probe Over Selfie Data – Krebs on Security

Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company for “deceptive statements”...

Personal Information of Nearly Two Million Texans Exposed

The personal information of nearly two million Texans was exposed for nearly three years due to a programming issue at the Texas Department of...

Critical VMware Bug Exploits Continue, as Botnet Operators Jump In

Recently uncovered VMware vulnerabilities continue to anchor an ongoing wave of cyberattacks bent on dropping various payloads. In the latest spate of activity,...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!