Hacking Medical Devices
Hacking (gaining access to a device through unintended means) commonly has negative connotations, but it need not imply an intent to destroy data or harm hardware. I’ll use the term Hacking in this blog, with the acknowledgement that when malicious intent is involved, a better term is Cracking.
Hacking medical devices is not new, but its popularity has grown with the increasing sophistication and quantity of electronics in these devices. Hacks on medical devices such as Insulin Pumps and Implanted Cardioverter Defibrillators (ICD) have been known for several years.
The following vulnerabilities have been demonstrated in ICDs:
- patient information can be read back in plain text
- the ICD operating mode can be controlled. For example, an unauthorized person can alter the therapy, or drain the battery by putting the ICD into continuous transmit mode.
With more devices employing embedded computers and becoming ‘intelligent’, the opportunity and attraction of hacking them grows.
Why would someone attempt to penetrate the inner workings of a medical device? Here are a few reasons (some of which definitely fall within the definition of cracking):
- to gain knowledge of how the device works – out of pure interest or to reverse engineer it
- for off-label use (treating a medical condition for which the device has not been intended)
- to bypass single-use or pay-per-use features
- to access patient data or personal information
- to damage the device or harm a patient
- for the prestige associated with a clever accomplishment
To hack successfully, there needs to be a backdoor – an access into the device that is either there intentionally or as a side-effect of the components used. Designers will often include backdoors for debugging during the design phase, for testing and calibration in manufacturing, or to enable field updates by service technicians. End-users are not expected to use these backdoors, and commonly the designer relies on the fact that the backdoor’s existence is not published to protect it against misuse.
Back-doors into devices are accessed via:
- physical means, such as removing a panel to expose internal mechanisms or circuitry
- plugging into connectors or ports normally unused by the consumer
- exceeding normal operating parameters. Examples include operation at higher or lower than specified voltages and temperatures.
- decrypting internal or external communications
- inspection technologies like x-ray and thermal imaging
Some of these back-door access techniques can become quite sophisticated. For example, encryption keys used by an integrated circuit can sometimes be discerned by monitoring the power consumption of the chip while it is encrypting/decrypting data. A good article on this topic is at Hacking Medical Devices
Fortunately there are techniques for protecting against the hacking of medical devices. Some protection techniques include:
- tamper-resistant fasteners and potting compounds to hinder physical access
- using robust encryption algorithms and countermeasure-equipped ICs
- break-off tabs and one-way latching teeth (as found on cable ties) to ensure single-use
- out-of-limit detection (e.g. undervoltage is sensed and disables key circuit components)
- obfuscation by scrambling or adding randomness to data, removing markings from key components
- during manufacture, not populating components only used during development
- requiring factory-supplied enabling keys
- disabling test points after manufacture
- wiping electronic memory after use
- body-worn friendly jammers preventing adversaries from remotely eavesdropping on a person’s medical device.
Depending on the nature of the device, one or more of these protections should be used to ensure device control remains with authorized users and that private data is not exposed. Choosing the appropriate protection is typically a part of risk mitigation during the Risk Analysis cycle. When assessing the hazards, one should assume that source code and designs will become known to outside parties; relying solely on proprietary processes and secrecy to protect a device is usually insufficient.
A few sources of further information and examples of medical device vulnerabilities to hacking are:
- M. Rostami, W. Burleson, A. Juels, F. Koushanfar, “Balancing Security and Utility in Medical Devices?” to appear in Proceedings of Design Automation Conference 13, May-June 2013
- W. Burleson, S. S. Clark, B. Ransford, and K. Fu, “Design challenges for secure implantable medical devices,” in Proceedings of Design Automation Conference, pp. 12–17, 2012.
Image: 125226354 / Hacking © Rawpixelimages | Dreamstime.com
Leave a Reply