In my previous blog post, I talked about advances in medical technology and, briefly, their potential privacy and security risks. At the 2008 IEEE Symposium on Security and Privacy, an interesting paper was presented: “Pacemakers and Implantable Cardioverter Defibrillators: Software Radio Attacks and Zero-Power Defenses” by Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H. Maisel.
The case study analyzes the security and privacy properties of an Implantable Cardioverter Defibrillator (ICD) introduced to the U.S. market around 2003. This model of ICD includes pacemaker technology and is designed to communicate “wirelessly” with a nearby external programmer in the 175 kHz frequency range. After partially reverse-engineering the ICD’s communications protocol with an oscilloscope and a software radio, the authors implemented several software radio-based attacks that could compromise patient safety and patient privacy.
Motivated by a desire to improve patient safety, and mindful of conventional trade-offs between security and power consumption for resource-constrained devices, they introduce three new zero-power defenses based on RF power harvesting. Two of these defenses are human-centric, bringing patients into the loop with respect to the security and privacy of their implantable medical devices (IMDs). Their contributions provide a scientific baseline for understanding the potential security and privacy risks of current and future IMDs, and introduce human-perceptible and zero-power mitigation techniques that address those risks.
A pacemaker is a small device that’s placed in the chest or abdomen to help control abnormal heart rhythms. This device uses low-energy electrical pulses to prompt the heart to beat at a normal rate. Pacemakers are used to treat arrhythmias. Arrhythmias are problems with the rate or rhythm of the heartbeat.
Pacemakers, ICDs, and other IMDs have improved and saved innumerable lives. To our knowledge, no IMD patient has ever been harmed by a malicious security attack. While our research demonstrates that such a scenario is possible, our goals in conducting this research are to: (1) demonstrate that IMD security and privacy vulnerabilities exist; (2) propose solutions to the identified weaknesses; (3) encourage the development of more robust security and privacy features for IMDs; and (4) improve the privacy and safety of IMDs for the millions of patients who enjoy their benefits. This paper, which focuses on a single ICD and our zero-power defenses, should be read in concert with our previous work, which surveys the potential security and privacy issues for broad classes of IMDs independent of any particular IMD technology.
Challenges and wider issues
The study focuses on a single ICD and therefore provides only a small snapshot in the evolution and breadth of ICD technologies and more general implantable medical devices (IMDs). Nevertheless, the authors believe that this snapshot is necessary for assessing the current trajectory of IMD security and privacy. They hope that the analyses and defenses presented in the paper will motivate broader scientific investigations into how best to provide security, privacy, safety, and effectiveness for future IMDs.
Improving IMD security and privacy is, however, significantly challenging due to rapidly evolving threat models, trends toward longer-range wireless communication, explorations into multi-agent systems of intercommunicating IMDs, and the resource constraints of an IMD’s battery, processor, and memory. Moreover, as previously observed and analysed, there is tension between security (restricted access) and safety (open access in emergency scenarios); the zero-power notification portion of our WISPer prototype aims to address this tension.
Threats, Vulnerabilities and Risks
According to the case study, some (if not all) of the threats to wireless IMDs include reprogramming, data theft, data tampering or corruption, and denial-of-service attacks. Vulnerabilities include unsecured or unencrypted wireless communication, lack of authentication and access control, and weak or absent audit logs. The risks include compromised patient safety resulting from firmware malfunction or therapy/medical misconfiguration, device unavailability due to a low battery, loss of patient privacy due to data theft by unauthorized parties, and inappropriate medical follow-up due to tampering with patient readings.
What’s the state or risk level?
At this point there’s reason for us to be scared, and there’s no economic or financial gain in doing this to an individual. Unless you’re a Senator, and you have one of these devices implanted in your body and you have lots of enemies.
- “Implantable Pacemaker Testing Guidance,” found at http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM081382.pdf.
- D. Halperin et al., “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses,” Proceedings of the 2008 IEEE Symposium on Security and Privacy, Oakland, CA, 2008.
- D. Halperin et al., “Security and Privacy for Implantable Medical Devices,” in Pervasive Computing, Vol. 7, No. 1, January–March 2008.
- S. Capkun, “On Secure Access to Medical Implants,” Workshop on Security and Privacy in Implantable Medical Devices, Lausanne, Switzerland, April, 2011.