Karspersky raises a future of connected prosthetics ... but with antivirus
Kaspersky is a company known mainly for its antivirus solutions, gaining special popularity in the golden age of the desktop PC. But time and the rise of mobile devices has not made this Russian company lose its way. Like other similar companies, Kaspersky is now dedicated to offering comprehensive security solutions for various devices and research to predict what we will have to protect in the future.
And it is here where the researchers at the Kaspersky Lab ICS CERT have made the following approach: we are going towards a future in which we will have to protect prostheses. Their evolution is taking advantage of the whole advance of the Internet of Things, and at Kaspersky they believe that as they connect more to the network they can become more vulnerable to attacks.
Security in the IoT, "an aubergine"
Sergey Temnikov, one of the experts at the Kaspersky Lab ICS CERT, showed us how easy it can be to obtain the administrator passwords of a service that manages the data of several connected prostheses. With them, manipulating and falsifying your usage statistics is easy.
How serious can that attack be? To spell out what the threats to future biotic prostheses may be like, Kaspersky has worked closely with the manufacturer Motorica to create software that collects data on the condition of the prostheses. All we have to do is imagine connected bionic prostheses that communicate their conditions and usage statistics to a server to determine if that prosthesis needs to be revised or replaced. Technically it is possible, it only needs that this prosthesis has a SIM card and a mobile data modem chip inside.
With this approach, an attacker can obtain passwords using phishing techniques and falsify or erase the data stored on the server. You could also add prosthetics that don't exist, with false statistics that alter the deductions experts can draw.In Kaspersky's hypothesis, prosthetics are not capable of receiving remote data or commands, but it is technically possible.
And we are only talking about basic one-way connections, with the prosthesis sending data but not being able to receive anything. If we imagine a connected bionic prosthesis that can receive data and / or orders, we would have to talk about the possibility of attackers being able to remotely deactivate the prostheses.
In the upper and header image, two of the prostheses manufactured by Motorica.
Kaspersky relies on this approach to alert all involved authors. At the last Mobile World Congress, Sergey Temnikov and Vladimir Deshchenko, members of the ICS CERT Lab, declared that security in the so-called Internet of Things is "an eggplant"which will have to be improved as objects as important as prostheses are connected and can suffer vulnerabilities like any other device.
Does this mean that we are going to have to install antivirus on our artificial arms and legs? We do not have to wait for the future to imagine how a connected prosthesis can transmit data, but in the short term, the threats that Kaspersky teaches us are more about protecting the entire part of data transmission and management on the server.
However, the future should not be underestimated. Prostheses are advancing at a rate never seen before thanks to the latest technological advances, so in five years we could see things that we cannot even imagine right now. Not only in terms of materials and external features, but also at the software level. We cannot affirm that we are going to need the protection that Kaspersky comments for all that, although we cannot trust that we are not going to need any.