Security News
Apple has introduced a game-changer into its upcoming iOS 16 for those who hate CAPTCHAs, in the form of a feature called Automatic Verification. The feature does exactly what its name alludes to: automatically verifies devices and Apple ID accounts without any action from the user.
As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. Aethon TUG smart autonomous mobile robots are used in hospitals around the world to deliver medication, transport clinical supplies, and independently navigate around to perform different tasks such as cleaning floors and collecting meal trays.
Researchers at healthcare cybersecurity company Cynerio just published a report about five cybersecurity holes they found in a hospital robot system called TUG. TUGs are pretty much robot cabinets or platforms on wheels, apparently capable of carrying up to 600kg and rolling along at just under 3km/hr. During what we're assuming was a combined penetration test/security assessment job, the Cynerio researchers were able to sniff out traffic to and from the robots in use, track the network exchanges back to a web portal running on the hospital network, and from there to uncover five non-trivial security flaws in the backend web servers used to control the hospital's robot underlords.
Mobile robot maker Aethon has fixed a series of vulnerabilities in its Tug hospital robots that, if exploited, could allow a cybercriminal to remotely control thousands of medical machines. Cynerio did find "several" hospitals in the US and globally that were using the internet-connected robots, and in each of these cases the researchers could exploit the vulns to remotely control the robots from the Cynerio Live research lab.
NICE unveiled a Robo Ethical Framework promoting responsibility and transparency in the design, creation and deployment of AI-powered robots. NICE's ethical guidelines set the standard for designing, building and deploying robots, and form the basis for solid and ethically sound robot and human collaboration.
That's the kind of thing that I think is particularly cool. Bill Detwiler: I'd love to drill down on that a little bit and talk about those technologies that are making robotics really possible in ways that we didn't think about just even a decade ago, because I think most people think about how we've got automation, we've had that in factories for decades.
We built Pentest Robots to give infosec specialists more time to do work they enjoy, creating more value for their customers and advancing their professional growth. Scan your targets with robots to eliminate repetitive tasks, waiting times, and manual steps included in every pentest.
Sadly, continued attacks against healthcare and medical infrastructure will probably lead to serious consequences going into 2021. While there have been no known attacks against over-the-air updates to vehicle software, it will become a growing concern as more manufacturers adopt the technology.
A group of academic researchers has devised a new eavesdropping attack that leverages the lidar sensors present in commodity robot vacuum cleaners. The same method is used by laser microphones; in essence, LidarPhone transforms the lidar sensors on the vacuum cleaning robot into microphones.
Over the past year the 325th Security Forces Squadron have been trialing the security robots via a so-called "3D Virtual Ops Center," where the hardware hounds patrol the grounds and feed back data to central command. "These robot dogs will be used as a force multiplier for enhanced situational awareness by patrolling areas that aren't desirable for human beings and vehicles," said Major Jordan Criss, 325th Security Forces Squadron commander.