Smart Malware that Uses Leaked Control Data of Robotic Applications: The Case of Raven-II Surgical Robots


Keywhan Chung and Xiao Li, University of Illinois at Urbana-Champaign; Peicheng Tang, Rose-Hulman Institute of Technology; Zeran Zhu, Zbigniew T. Kalbarczyk, Ravishankar K. Iyer, and Thenkurussi Kesavadas, University of Illinois at Urbana-Champaign


In this paper, we demonstrate a new type of threat that leverages machine learning techniques to maximize its impact. We use the Raven-II surgical robot and its haptic feedback rendering algorithm as an application. We exploit ROS vulnerabilities and implement smart self-learning malware that can track the movements of the robot’s arms and trigger the attack payload when the robot is in a critical stage of a (hypothetical) surgical procedure. By keeping the learning procedure internal to the malicious node that runs outside the physical components of the robotic application, an adversary can hide most of the malicious activities from security monitors that might be deployed in the system. Also, if an attack payload mimics an accidental failure, it is likely that the system administrator will fail to identify the malicious intention and will treat the attack as an accidental failure. After demonstrating the security threats, we devise methods (i.e., a safety engine) to protect the robotic system against the identified risk.

@inproceedings {242054,
author = {Keywhan Chung and Xiao Li and Peicheng Tang and Zeran Zhu and Zbigniew T. Kalbarczyk and Ravishankar K. Iyer and Thenkurussi Kesavadas},
title = {Smart Malware that Uses Leaked Control Data of Robotic Applications: The Case of {Raven-II} Surgical Robots},
booktitle = {22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)},
year = {2019},
isbn = {978-1-939133-07-6},
address = {Chaoyang District, Beijing},
pages = {337--351},
url = {},
publisher = {USENIX Association},
month = sep
}