Vulnerabilities discovered in cloud infrastructure for bionic prostheses
The experimental cloud infrastructure for advanced bionic prostheses, intended for people with disabilities, suffers from security vulnerabilities. Researchers argue that this could allow attackers to gain access to private data.
Security company Kaspersky Lab investigated the software of bionic prostheses for the upper limbs of the Russian manufacturer Motorica. It would be an external cloud system that monitors the status of all registered biomechanical equipment. According to the researchers, there was an insecure http connection, incorrect account operations and insufficient input validation.
When a Motorica prosthetic hand is in use, it transmits statistics and other data to the cloud system via an integrated SIM card. The weak security, according to Kaspersky Lab, allows a cyber attacker to access information in the cloud about all connected accounts and thereby manipulate, expand or delete information.
The research was carried out at the request of Motorica itself. Kaspersky Lab has shared its findings with the Russian manufacturer so that the company can close the vulnerabilities.