Kaspersky Lab found that devices such as bionic prostheses are vulnerable to security loopholes.
To keep the devices safe, Kaspersky advise that companies:
Kaspersky Lab ICS CERT researchers, in partnership with Motorica, have undertaken a cybersecurity assessment of a test software solution for a digital prosthetic hand developed by the Russian start-up.
The findings were shared with the manufacturer Motorica, a Russian high-technology start-up that develops bionic upper limb prostheses to assist disabled people, enabling them to address the security issues.
The initial research identified several security issues. These include insecure http connection, incorrect account operations and insufficient input validation. When in use, the prosthetic hand transmits data to the cloud system. Due to the security gaps, an attacker could:
To keep the devices safe, Kaspersky advise that companies:
- Check out threat models and vulnerability classifications for the relevant web-based and IoT technologies, provided by industry experts, such as OWASP IoT Project.
- Introduce secure software development practices based on the proper lifecycle. To evaluate existing software security practices use a systematic approach — for example, OWASP OpenSAMM.
- Establish a procedure for obtaining information on relevant threats and vulnerabilities to ensure proper and timely response to any incidents.
- Regularly update operating systems, application and device software and security solutions.
- Implement cybersecurity solutions designed to analyze network traffic, detect and prevent network attacks – at the boundary of the enterprise network and at the boundary of the OT network.
- Use a protection solution with machine learning anomaly detection (MLAD) technology to reveal deviations in IoT devices’ behavior — for early detection of attack, failure or damage of the device.
Kaspersky Lab ICS CERT researchers, in partnership with Motorica, have undertaken a cybersecurity assessment of a test software solution for a digital prosthetic hand developed by the Russian start-up.
The findings were shared with the manufacturer Motorica, a Russian high-technology start-up that develops bionic upper limb prostheses to assist disabled people, enabling them to address the security issues.
The initial research identified several security issues. These include insecure http connection, incorrect account operations and insufficient input validation. When in use, the prosthetic hand transmits data to the cloud system. Due to the security gaps, an attacker could:
- Gain access to information held in the cloud about all the connected accounts (including logins and passwords in plaintext for all the prosthetic devices and their administrators)
- Manipulate, add or delete such information
- Add or delete their own regular and privileged users (with administrator rights).
Comments