University of Washington engineers hacked a teleoperated surgical robot to test how easily a malicious attack could hijack remotely controlled operations. Incorporating security measures will be critical to the safe adoption and use of the robotic technology.

To expose vulnerabilities, the UW team mounted common types of cyberattacks as study participants used a teleoperated surgical robot to move rubber blocks between pegs on a pegboard.

By mounting “man in the middle” attacks, which alter the commands flowing between the operator and robot, the team was able to maliciously disrupt a wide range of the robot’s functions — making it difficult to grasp objects with the robot’s arms — and even to completely override command inputs. During denial-of-service attacks, in which the attacking machine flooded the system with useless data, the robots became jerky and harder to use.

The UW engineers are developing the concept of “operator signatures,” which leverage the ways in which a particular surgeon or other teleoperator interacts with a robot to create a unique biometric signature.

By tracking the forces and torques that a particular operator applies to the console instruments and his or her interactions with the robot’s tools, the researchers have developed a new way to authenticate that the operator is the person he or she claims to be. Monitoring the actions and reactions during a telerobotic procedure could also give early warning that someone else has hijacked that process.