By SecureWorld News Team
Tue | Dec 6, 2016 | 4:04 PM PST

The Internet of Medical Devices... saving grace or horror story?

While Implantable Medical Devices (IMDs) allow doctors to monitor progress and collect data without having to resort to surgery, new research shows how insecure even the third generation of these devices is.

The report, with findings from six researchers in the U.K. and Belgium, shows how to reverse-engineer popular models of IMDs with no prior knowledge and few tools, from distances of 2-5 meters.

The researchers were able to show how different attack methods could cause different levels of harm to patients.

By planting an antenna in a strategic location—say a hospital or transit stop—hackers could steal personal information such as a patient's identity, treatment plans, locations frequently visited, or current state of health.

These devices are also open to DoS attacks if hackers switch them between their four basic modes of operation (sleep, interrogation, reprogramming, and standby) at the wrong times. This is especially alarming for devices that send out regular electric pulses at specific intervals, for example to control heartbeat.

By using higher-end equipment with better antennas, the attack distance can increase significantly. You wouldn’t even have to be in proximity to someone’s medical device to locate it and disrupt its normal functions.

Because this form of reverse-engineering was only possible from a black-box approach, the report says, “Our results demonstrated that security-by-obscurity is a dangerous design approach that often conceals negligent designs. Therefore, it is important for the medical industry to migrate from weak proprietary solutions to well-scrutinised security solutions and use them according to the guidelines.”

Luckily, the researchers were also able to provide several short- and long-term solutions to better secure IMDs. Adding a “shutdown” feature to external devices that the internal device is communicating with can allow malicious signals to be temporarily blocked.

The report also advocates adding standard symmetric key authentication and encryption between the IMD and its programmer, with a semi-offline protocol so that the master key isn’t stored in every device or a cloud.
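The sketch below is an added example, not code or a protocol from the report: it shows one common way to give each implant its own symmetric key derived from a master key, so the master key never sits on the device, and to authenticate programmer commands with a fresh challenge. The HMAC-SHA256 construction, the function and class names, the serial numbers and the command name are all assumptions; encryption of the payload is left out.

```python
import hashlib
import hmac
import secrets

def derive_device_key(master_key: bytes, serial: str) -> bytes:
    # Key diversification: each implant gets HMAC-SHA256(master, label || serial).
    # Compromising one implant's key reveals neither the master key nor other keys.
    return hmac.new(master_key, b"imd-key|" + serial.encode(), hashlib.sha256).digest()

def sign_command(device_key: bytes, nonce: bytes, command: bytes) -> bytes:
    # Programmer side: bind the command to the implant's fresh 16-byte nonce.
    return hmac.new(device_key, nonce + command, hashlib.sha256).digest()

class Implant:
    """Holds only its own derived key, never the master key."""

    def __init__(self, device_key: bytes):
        self._key = device_key
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def accept(self, command: bytes, tag: bytes) -> bool:
        nonce, self._nonce = self._nonce, None  # each nonce is usable once
        if nonce is None:
            return False
        expected = sign_command(self._key, nonce, command)
        return hmac.compare_digest(expected, tag)

def demo() -> dict:
    master = secrets.token_bytes(32)               # constructed; kept off the implant
    key_a = derive_device_key(master, "IMD-0001")  # constructed serial numbers
    key_b = derive_device_key(master, "IMD-0002")
    implant = Implant(key_a)
    cmd = b"READ_TELEMETRY"                        # hypothetical command name

    tag = sign_command(key_a, implant.challenge(), cmd)
    results = {"valid": implant.accept(cmd, tag)}
    results["replay_no_challenge"] = implant.accept(cmd, tag)
    implant.challenge()
    results["replay_new_nonce"] = implant.accept(cmd, tag)
    results["other_device_key"] = implant.accept(
        cmd, sign_command(key_b, implant.challenge(), cmd))
    return results

if __name__ == "__main__":
    print(demo())
```

Only the first command is accepted; a captured tag replayed later, or a tag made with another implant's key, is rejected.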

These findings will be presented next week at the Annual Computer Security Applications Conference (ACSAC) in Los Angeles. The researchers presented their data to the device manufacturers before publication.
