Medical Implants Can be Hacked

Uploaded on 2016-12-19 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Health & Welfare

It is now possible to transmit life-threatening signals to implanted medical devices with no prior knowledge of how the devices work, researchers in Belgium and the UK have demonstrated.

By intercepting and reverse-engineering the signals exchanged between a heart pacemaker-defibrillator and its programmer, the researchers found they could steal patient information, flatten the device's battery, or send malicious messages to the pacemaker.

The attacks they developed can be performed from up to five meters (16 feet) away using standard equipment, but more sophisticated antennas could increase this distance by tens or hundreds of times, they said.

"The consequences of these attacks can be fatal for patients as these messages can contain commands to deliver a shock or to disable a therapy," the researchers wrote in a new paper examining the security of implantable cardioverter defibrillators (ICDs).

These devices monitor heart rhythm and can deliver either low-power electrical signals to the heart, like a pacemaker, or stronger ones, like a defibrillator, to shock the heart back to a normal rhythm.

At least 10 different types of pacemaker are vulnerable, according to the team, who work at the University of Leuven and University Hospital Gasthuisberg Leuven in Belgium, and the University of Birmingham in England. Their findings add to the evidence of severe security failings in programmable and connected medical devices such as ICDs.

They were able to reverse-engineer the protocol used by one of the pacemakers without access to any documentation, and this despite discovering that the manufacturer had made rudimentary attempts to obfuscate the data transmitted. Previous studies of such devices had found all communications were made in the clear.

"Reverse-engineering was possible by only using a black-box approach. Our results demonstrated that security by obscurity is a dangerous design approach that often conceals negligent designs," they wrote, urging the medical devices industry to ditch weak proprietary systems for protecting communications in favor of more open and well-scrutinized security systems.

Among the attacks they demonstrated in their lab were breaches of privacy, in which they extracted medical records bearing the patient's name from the device. In developing this attack, they discovered that data transmissions were obfuscated using a simple linear feedback shift register to XOR the data. At least 10 models of ICD use the same technique, they found.

They also showed how repeatedly sending a message to the ICD can prevent it from entering sleep mode. By maintaining the device in standby mode, they could prematurely drain its battery and lengthen the time during which it would accept messages that could lead to a more dangerous attack.

One saving grace for the ICDs tested is that, before they will accept any radio commands, they need to be activated by a magnetic programming head held within a few centimeters of the patient's skin.

For up to two hours after a communications session is opened in that way, though, the ICDs remained receptive to instructions not just from legitimate programming or diagnostic devices but also from the researchers' software-defined radio, making it possible to initiate an attack on a patient after he or she left a doctor's office.

Until devices can be made with more secure communications, the only short-term defense against such hijacking attacks is to carry a signal jammer, the researchers said. A longer-term approach would be to modify systems so that programmers can send a signal to ICDs, putting them immediately into sleep mode at the end of a programming session, they said.

Previous reports of hackable medical devices have been dismissed by their manufacturers.
The researchers in Leuven and Birmingham said they had notified the manufacturer of the device they tested, and discussed their findings before publication.

Computerworld:             Medical Devices Are The Weak Link:

 

 

« British Police - Stay Safe From Cyber Crime This Christmas
An Entire Anti-Drone Industry Is Emerging »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Security Magazine

Security Magazine

Security, the business magazine for security executives, focuses on management issues facing top security professionals and effective solutions being employed, both physical and cyber.

KayHut

KayHut

KayHut is a young, innovative company engaged in cyber research and security solutions.

HYPR

HYPR

HYPR Decentralized Authentication minimizes the risk of enterprise data breaches while providing an enhanced user experience for your customers and employees.

Innovent Recycling

Innovent Recycling

Innovent Recycling provides a secure IT recycling & data destruction service to all types of organizations across the UK.

Arkose Labs

Arkose Labs

Arkose Labs' Fraud and Abuse Platform combines Telemetry and adaptive Enforcement Challenges to break down the ROI of fraudsters and protect digital businesses.

Experis

Experis

Experis provide IT resourcing, project solutions and managed services. We enable organizations to cultivate individuals and teams prepared for the digital age.

MorganFranklin Consulting

MorganFranklin Consulting

MorganFranklin Consulting is a management advisory firm that works with businesses and government to address complex and transformational technology and business objectives including cybersecurity.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

Celebrus

Celebrus

Celebrus Fraud Data Platform, by D4t4 Solutions, works with existing fraud structures to augment functionality and turn fraud management into true fraud prevention.

Canadian Cyber Threat Exchange (CCTX)

Canadian Cyber Threat Exchange (CCTX)

The CCTX is Canada’s not-for-profit, private-sector cyber threat sharing hub and collaboration centre.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

ABPSecurite

ABPSecurite

ABPSecurite is a leading value-added distributor and a network performance solutions provider.

Camms

Camms

Camms are a team of experienced professionals dedicated to providing innovative GRC software solutions that help organizations manage risk, make informed decisions, and drive positive change.

SecureCyber

SecureCyber

Secure Cyber Defense offers industry-leading technology and managed detection and response solutions.

System Two Security

System Two Security

System Two Security automates detection engineering and threat hunting.

Texas Cyber Solutions

Texas Cyber Solutions

Texas Cyber Solutions are elite cybersecurity advisors based in Houston, Texas providing network security solutions, penetration testing, and more.