Research released at the Mobile World Congress 2019, held February 25-28 in Barcelona, described vulnerabilities in software that may exist in prosthetic devices. Kaspersky Lab experts investigated the experimental cloud infrastructure for an advanced bionic prosthesis and identified several security issues that could enable a third party to access, manipulate, steal, or delete the private data of device users. The tests were conducted with Motorica, a Russia-based prostheses developer.
The initial research identified several security issues in the device’s software, including an insecure http connection, incorrect account operations, and insufficient input validation. To correct the security issues, researchers with Kaspersky Lab’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) tested a remote cloud system that provided an interface for monitoring the status of registered biomechanical devices. According to Kaspersky Lab, the cloud system could give other developers tools to analyze the technical condition of other devices, including wheelchairs and other prosthetic devices.
“The results of our analysis are a good reminder that security needs to be built in to new technologies from the very start,” said Vladimir Dashchenko, security researcher at Kaspersky Lab ICS CERT. “We hope that other developers of advanced connected devices will want to collaborate with the security industry to understand and address device and system security issues and treat the security of devices as an integral and essential part of development.”
Support authors and subscribe to content
This is premium stuff. Subscribe to read the entire article.