Kaspersky Lab experts who are investigating the experimental cloud infrastructure for advanced bionic prostheses have identified several previously unknown security issues that could enable a third-party to access, manipulate, steal or even delete the private data and more of device users.
The findings were shared with the manufacturer Motorica, a Russian high-technology start-up that develops bionic upper limb prostheses to assist people with disabilities, enabling them to address the security issues.
Kaspersky Lab ICS CERT researchers, in partnership with Motorica, have undertaken a cybersecurity assessment of a test software solution for a digital prosthetic hand developed by the Russian start-up.
The solution itself is a remote cloud system, an interface for monitoring the status of all registered biomechanical devices. It also gives other developers an existing toolset for analysis of the technical condition of devices like smart wheelchairs, artificial hands and feet.
The initial research identified several security issues. These include insecure http connection, incorrect account operations and insufficient input validation. When in use, the prosthetic hand transmits data to the cloud system. Due to the security gaps, an attacker could:
“Motorica is a high-technology, trusted and socially responsible company, focused on addressing the challenges faced by people with physical impairment. As the company prepares for growth, we wanted to help it ensure the right security measures were in place,” said Vladimir Dashchenko, security researcher at Kaspersky Lab ICS CERT.
“The results of our analysis are a good reminder that security needs to be built in to new technologies from the very start. We hope that other developers of advanced connected devices will want to collaborate with the security industry to understand and address device and system security issues and treat the security of devices as an integral and essential part of development.”
To keep the devices safe, Kaspersky Lab advised that companies: