Hacking implantable medical devices to expose life-threatening security flaws

Author: Eduard Marin, PhD Researcher in KU Leuven's Computer Security & Industrial Cryptography group

06 February 2018

Most implanted medical devices include wireless capabilities that use proprietary security protocols. This piece explains how researchers successfully reverse engineered such protocols in order to highlight the need for stronger security mechanisms in future medtech.

The team’s goal was to prove that security flaws within such devices can have serious consequences for patient safety and privacy. We evaluated the security of the proprietary protocols used by a variety of widely-used IMDs by using National Instruments Universal Software Radio Peripheral (NI USRP) hardware and LabVIEW software to wirelessly intercept and analyse the wireless transmissions between IMD and device programmer.

Most IMDs include wireless capabilities that enable doctors to remotely monitor and reprogram them through an external device. We would expect cryptography to be used to protect the communication between the IMD and the device programmer. However, in practice, medical companies typically use proprietary (non-standard) protocols, keeping the protocol specifications secret (‘security-through-obscurity’).

The goal of our research was to show that this is a risky approach: not only can such protocols be broken through reverse engineering techniques, but breaking them could result in breaches of patient privacy or, even worse, fatalities.

Methodology

Reverse engineering proprietary protocols implies discovering both:

(a) the format of the messages being sent over the air; and

(b) how these messages are exchanged between the devices.

This is challenging because device manufacturers don’t share information about how their protocols work. One possibility would be to physically open the devices and analyse their software. However, we followed a non-invasive, black-box approach, which consisted of providing inputs to the devices and then inferring information about the protocol by monitoring the outputs.

Our black-box process is labour-intensive, but it mimics the approach that less skilled adversaries could use to hack IMDs without prior knowledge of the system specifications.

It demonstrates the feasibility of reverse engineering the protocol by wirelessly intercepting messages sent over the air between the devices, without physical access.

Findings

We aimed to emphasise the importance of wireless security in medical devices. Using the NI platform, we successfully reverse engineered the proprietary protocols of different IMDs from major medical equipment manufacturers, demonstrating that security-by-obscurity is a flawed approach that often conceals negligent designs.

We have shown that, using a simple black-box approach to reverse engineer proprietary protocols, malicious hackers could eavesdrop on IMD channels to learn sensitive patient information. Worse still, they could send commands to the IMD to cause it to drain its batteries, and modify or disable a therapy. No physical access is required to pull off these attacks, and the consequences could prove fatal for the patient.

We hope that the results that we provided to the manufacturers emphasise the need to improve the security mechanisms of IMDs, through the inclusion of strong cryptography and standard symmetric key authentication – and ultimately accelerate the process by which this is done.
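To make the recommendation above concrete, the following is an added example, not code from the article or from any manufacturer's protocol, of what "standard symmetric key authentication" of programmer-to-IMD commands can look like. It is a toy model: the shared key, the command strings, the `Implant` and `Programmer` classes and the challenge/response layout are all assumptions for illustration. The implant issues a fresh random challenge, the programmer answers with an HMAC-SHA256 tag over challenge and command under the shared key, and the implant accepts a command only if the tag verifies and the challenge has not been used before. That is what stops the three failure modes the article names: an unauthenticated third party issuing commands, a captured command being modified, and a captured command being replayed. A legacy implant that trusts any well-formed command is shown beside it for contrast.

```python
"""Toy model of symmetric-key command authentication between a device
programmer and an implant. Hypothetical example; not a vendor protocol."""
import hashlib
import hmac
import os


class LegacyImplant:
    """Weak design: any well-formed command over the air is executed."""

    def accept(self, cmd: bytes) -> bool:
        return cmd.startswith(b"SET_")


class Implant:
    """Hardened design: challenge-response with an HMAC over a shared key."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued but not yet consumed

    def challenge(self) -> bytes:
        # Fresh random nonce per command; binds the tag to this exchange only.
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, cmd: bytes, tag: bytes) -> bool:
        # Unknown or already-consumed challenge: reject (covers replay).
        if nonce not in self._pending:
            return False
        expected = hmac.new(self._key, nonce + cmd, hashlib.sha256).digest()
        # Constant-time compare so a wrong tag does not leak timing.
        if not hmac.compare_digest(expected, tag):
            return False
        self._pending.discard(nonce)  # single use
        return True


class Programmer:
    """Clinician's programmer holding the same shared key as the implant."""

    def __init__(self, key: bytes):
        self._key = key

    def sign(self, nonce: bytes, cmd: bytes) -> bytes:
        return hmac.new(self._key, nonce + cmd, hashlib.sha256).digest()


def demo() -> dict:
    """Run the four scenarios; returns which commands each implant accepted."""
    key = os.urandom(32)  # constructed shared key for the example
    imd, prog, legacy = Implant(key), Programmer(key), LegacyImplant()
    cmd = b"SET_RATE:70"  # constructed command string

    # 1. Legitimate command from the paired programmer.
    n1 = imd.challenge()
    tag1 = prog.sign(n1, cmd)
    legit = imd.accept(n1, cmd, tag1)

    # 2. Same message captured and sent again: nonce already consumed.
    replay = imd.accept(n1, cmd, tag1)

    # 3. Captured tag reused with a modified command: HMAC no longer matches.
    n2 = imd.challenge()
    tampered = imd.accept(n2, b"SET_RATE:200", prog.sign(n2, cmd))

    # 4. Party without the shared key: its tag never verifies.
    n3 = imd.challenge()
    stranger_tag = hmac.new(os.urandom(32), n3 + cmd, hashlib.sha256).digest()
    unauth = imd.accept(n3, cmd, stranger_tag)

    return {
        "hardened": (legit, replay, tampered, unauth),
        "legacy_accepts_unauthenticated": legacy.accept(b"SET_RATE:200"),
    }


if __name__ == "__main__":
    print(demo())
```

Authentication alone does not stop eavesdropping; the privacy point in the article would additionally need the command and telemetry payloads encrypted under a key derived from the same pairing, and a real design also has to solve how the shared key gets into the implant and the programmer in the first place, which this toy deliberately leaves out.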

