

Interoperable Telesurgery Protocol Plaintext Unauthenticated MitM Hijacking - CRidge
http://osvdb.org/121842

======
andrewstuart2
So, run it over a VPN.

I'm not saying that they shouldn't add security to their protocol, but I can
think of several ways off the top of my head to stay secure. The application-
layer protocol doesn't have to be the one to implement it, network-level
encapsulation can help you there.

I'm not sure how old the protocol is, but perhaps it was more important to get
it working and wrap it in a VPN and then iterate on that design.

~~~
maffydub
Agreed.

It looks as though the researchers saw that as a possibility too:

"It is possible to temporarily mitigate the flaw by implementing the following
workaround: Researchers have demonstrated that ITP can be operated over
TLS/DTLS, using certificate-based authentication to ensure the security and
integrity of the protocol."

I don't really understand why this is only a "temporary mitigation", though,
rather than a reasonable long-term solution. Can anyone enlighten me?

Maybe the extra technical complexity of setting up these certificates is
deemed too great, and the likelihood of people getting it wrong too high?

~~~
tptacek
Why is that a "temporary" fix? Segregating insecure protocols to VPNs,
encrypted tunnels, and backchannel networks is one of the oldest most time-
honored tools in the security design toolbox. Not only is it a real fix, but
it's probably the _right_ fix.

~~~
thirsteh
You must not have gotten the memo: Google exposed some of their corporate
systems to everyone, therefore VPNs are now useless and have always been
useless.

:)

~~~
jasonjei
Agreed. Trusting VPNs to be totally secure, especially on a big organization
like a hospital, seems insane. At the surgery level, you want to make sure the
malware infected laptop or some open wireless access point doesn't come up
with more creative surgeries.

------
virgil_disgr4ce
Did some digging on this. Basically: 1) Some researchers wrote a paper called
"Preliminary protocol for interoperable telesurgery" in 2009.
([http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.160...](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.160.867&rep=rep1&type=pdf))
2) At the end of the paper, they write: "Also, security is an obvious
requirement for real world adoption of this kind of service." 3) Last month,
some other people showed that you could hax0r this unprotected protocol:
[http://www.technologyreview.com/view/537001/security-
experts...](http://www.technologyreview.com/view/537001/security-experts-hack-
teleoperated-surgical-robot/)

So in other words, somebody demonstrated that a preliminary protocol that
admitted it didn't have any security was insecure. Woo!

~~~
tedunangst
> And video encryption probably isn’t practical over the kind of network links
> envisaged for remote surgery in extreme locations. That may not be a
> security concern but it does raise important issues of privacy.

That's a curious statement. How does encrypting video increase its bandwidth
requirements?

~~~
gliese1337
Typical block ciphers generally require adding padding, which increases the
number of bytes that need to be transmitted. But that's negligible for any
significant amount of data. I don't think it would ever noticeably increase
bandwidth requirements.

~~~
zAy0LfpBZLC8mAC
Well, counter mode is probably a better idea anyhow--but neither 16 bytes of
padding per frame nor the same amount of MAC will be an actual bandwidth
problem.

------
DyslexicAtheist
I access the site and get:

Checking your browser before accessing osvdb.org.

This process is automatic. Your browser will redirect to your requested
content shortly.

Please allow up to 5 seconds… DDoS protection by CloudFlare Ray ID:
1eaaa26e86870920

have I gone back in time to 1995?

------
lotsofcows
Authentication and encryption are hard problems. They're also solved problems
(for some definition of solved). Like any other protocol, it should
concentrate on solving its own problem well and leave unrelated problems to
others.

------
araes
Make a great major news story. I can think of almost nothing more terrifying
than being naked on a table with some random haxxor operating a rogue
telesugery robot over me. Makes even normal surgery sound good.

------
frozenport
There is nothibg wrong with text, some of the intended uses of the protocol
are over rs232.

------
jameskozart
wow, too lame

