Autonomous robots introduced in hundreds of hospitals at risk of remote takeover by hacking



It was discovered that the system of 'Aethon', which develops autonomous robots responsible for transporting medicines, specimens, food, etc., was vulnerable to remote control.

JekyllBot: 5 Command Center
https://www.cynerio.com/jekyllbot-5-command-center

Autonomous robots used in hundreds of hospitals at risk of remote hijacks | TechCrunch
https://techcrunch.com/2022/04/12/aethon-robots-hospitals-hijacks/

According to researchers at cybersecurity company Cynerio, the vulnerability lies not in the robot itself, but in the base server that communicates with and controls the robot. The base server has a web interface that can be accessed from within the hospital network, and it became clear that a vulnerability in it allowed guest users to view real-time robot cameras, schedules, and tasks without the need for a password. Researchers call the five critical vulnerabilities 'Jekyll Bot.'



The robot's functionality was protected by an administrator account, but researchers said, 'The vulnerability could allow hackers to operate the robot without the need for administrator account credentials. By using the vulnerability, you can remotely control a robot or operate an elevator in a hospital.'

It is said that potential risks can be avoided if access to the robot is restricted to the local network only, but if not, it can be attacked from anywhere, so the hundreds of hospitals around the world where Aethon's robots have been introduced may be at risk.



In response to a report from Cynerio, Aethon has updated the firmware and reports that it has fixed the vulnerability. TechCrunch, which reported the issue, said, 'Aethon CEO Peter Seiff acknowledged the vulnerability but did not answer other questions such as what percentage of robots the update was applied to.'

Posted by log1p_kr