Kaspersky Lab experts have investigated an experimental cloud infrastructure for advanced bionic prostheses and have identified security issues that could enable a third party to access, manipulate, steal, or delete the private data of device users. The findings were shared with manufacturer Motorica, a Russian start-up that makes bionic upper limb prostheses to assist people with disabilities, allowing them to address the security issues.
The Internet of Things (IoT) is no longer only about connected watches or smart homes, but about highly complex and increasingly automated ecosystems. This includes connected technologies for healthcare. In the future, such technologies could shift away from being purely support devices, to becoming mainstream and used by consumers keen to extend the capabilities of the human body. Therefore, it is critical that manufacturers investigate and address any existing or potential security risks in current products, as well as their supporting infrastructure.
Kaspersky Lab ICS CERT researchers have undertaken a cybersecurity assessment of a test software solution for a digital prosthetic hand, developed by Motorica. The solution itself is a remote cloud system, providing an interface for monitoring the status of registered biomechanical devices. It also gives other developers an existing toolset for analysis of the technical condition of devices like smart wheelchairs, artificial hands and prosthetic feet.
The initial research identified several security issues in the software. These included an insecure HTTP connection, incorrect account operations, and insufficient input validation.
When in use, the prosthetic hand transmits data to the cloud system. Due to these security gaps, an attacker could:
- Gain access to information held in the cloud about all connected accounts, including logins and passwords in plaintext for all the prosthetic devices and their administrators
- Manipulate, add, or delete such information
- Add or delete their own users, including users with administrator rights
“New technologies are bringing us to a new world in terms of bionic assisting devices,” said Ilya Chekh, CEO at Motorica. “It is now of crucial importance for the developers of such technologies to collaborate with cybersecurity solution vendors. That will allow us to make even theoretical cases of attacks on the human body impossible.”
For manufacturers of bionic devices and other smart technologies, Kaspersky Lab recommends the following security measures:
- Review threat models and vulnerability classifications for relevant web-based and IoT technologies, provided by industry experts, such as OWASP IoT Project.
- Introduce secure software development practices based on
a properlifecycle. To evaluate existing software security practices, use a systematic approach like OWASP OpenSAMM.
- Establish a procedure for obtaining information on relevant threats and vulnerabilities to ensure proper and timely response to any incidents.- Regularly update operating systems, application and device software, and security solutions.
Implementcybersecurity solutions designed to analyze network traffic, detect and prevent network attacks – at the boundary of the enterprise network and at the boundary of the OT network.
- Use a security solution with machine learning anomaly detection (MLAD) technology to reveal deviations in IoT device behaviour — for early detection of attack, failure or damage of the device.
Google announces its ‘Netflix for gaming’
The new gaming platform, Stadia, promises high-definition gaming on TVs, computers, and mobile devices, writes BRYAN TURNER.
Google has announced that it has moved into the gaming space, and it focuses on two big aspects of gaming: streaming of games for gamers, which will allow gamers to game anywhere with a fast, low-latency Internet connection; and audiences that watch gamers in-game.
This is a big move in making gaming accessible to more gamers, as it reduces hardware costs, by utilising the benefits of low-latency cloud computing. This will be achieved by using a globally connected network of Google data centres. Gamers who stream games are most likely already using a high-speed, low-latency Internet connection, so access to the Stadia platform will be an added expense.
Through the Stadia platform, gamers will be able to access a large library of games at all times, with no installation time, on virtually any screen. Scaling of hardware like CPU, GPU, memory, and storage is also possible, as one would for cloud server resources.
Google will be leveraging its other platforms, like YouTube, with Stadia streaming. It claims that 200-million people are watching game-related content daily on YouTube. This allows, for example, Stadia players to jump in with other Stadia players – no downloads, no updates, no patches, and no installs.
For console players, Google has designed a custom controller.
The controller was designed to establish a direct connection from the Stadia controller to Google’s data centre through Wi-Fi for the best possible gaming performance. The controller also includes a button for instant capture, saving, and sharing gameplay in 4K resolution. It sports a Google Assistant button and built-in microphone, as many Google products do, for voice control.
The device is expected to be released later this year, pending FCC approval.
Nintendo announces Stranger Things 3 game
The Netflix Original show is set to launch a retro-style game on the Nintendo Switch.
In collaboration with Netflix, developer BonusXP has created Stranger Things 3: The Game. It is the official companion game to Season 3 of the hit original series. The game and latest season are expected to launch on US Independence Day, the 4th of July, a date that will, of course, stick in American gamers’ memories.
This adventure game blends a distinctively retro 16-bit art style, reminiscent of games from the time when the series was set. It is claimed to have modern gameplay mechanics to deliver nostalgic fun with a fresh new twist. Players will be able to experience their favourite show through a mix of exploration, puzzles, and combat.
Just ad in the show, teamwork is at the heart of Stranger Things 3: The Game. Players can team up in a two-player local co-operative, or in single player mode alongside an AI partner. Players can choose to play as one of twelve characters from the show, each with different abilities and attributes. Together, they’ll play through familiar events from the series, while also uncovering never-before-seen Stranger Things secrets, ensuring a fun experience for those new to the world of Stranger Things as well as for those familiar with the series.
- Experience the show in a new way, exploring the eerie world of Hawkins to uncover new mysteries beyond what’s seen in Season 3.
- Jump right into the action of this pick-up-and-play adventure: gameplay mechanics that allow players from beginner to advanced skill levels to get in on the fun.
- Take your game to a higher level by trying out different character combinations and collecting all the secrets the expansive world of Hawkins has to offer.
- Team up with a friend, leveraging drop-in/drop-out local co-op to take on the mysterious monsters of Hawkins together. While playing solo, use a collection of “buddy commands” to control both characters and still experience all the fun.
- Choose from 12 playable characters, each with their own unique talents and stats.