4. Implantable Medical Devices
Device inserted into human body for medical purposes
Small size
Tiny computing platform with firmware[28]
Programmable[28]
Limited Resources[28]
Limited Power[28]
Network-connected
5. Deep Brain
Neurostimulator[1]
Deep brain neurostimulator. http://www.synaptix.be
Use for treatment of movement and affective disorders[6]
• Parkinson’s disease
• Essential tremor
• Dystonia
• Chronic Pain
• Major depression
• OCD
6. Cochlear Implant[3]
Cochlear implant. www.medel.com.
May helps patients with deaf to enable sufficient
hearing for better understanding of speech[7]
7. Gastric Stimulator[2]
• Attached to the surface of the stomach[7]
• Aimed at obesity management[7]
Implant Cardiac Defibrillator[4]
• Implanted in the upper left chest and the lead in the right ventricle of the heart[9]
• Detect Cardiac Arrhythmia and correct it with brief electrical impulse[9]
Insulin Pumps[5]
• Implanted under the skin[10]
• Administer the insulin for the treatment of diabetes mellitus patient[10]
8. ACNR. Foot drop. http://www.acnr.co.uk
Foot Drop Implant
• Implanted on peroneal nerve, proximal to the knee[11]
• Gait abnormality, which dropping the forefoot[12]
10. IMD Data[28] Static Data
• Device make and model number
Semi-static Data
• Physician & Health Center ID
• Patient Name and DOB
• Medical Condition
• Therapy configuration
Dynamic Data
• Patient health status history
• Therapy and dosage history
• Audit logs
11. Threats[28]
Patient data extraction
Patient data tampering
Device re-programming
Repeated access attempts
13. Attacks Pacemakers & ICDs : software radio attacks
and Zero-Power defenses[26]
Resource depletion attacks[27]
pacemaker or ICDs
Insulin pumps
14. Attacks Pacemakers & ICDs : software radio attacks and
Zero-Power defenses[26]
Pacemakers & ICDs :
software radio attacks
and Zero-Power
defenses[26]
Resource depletion
attacks[27]
pacemaker or ICD
insulin pumps
Non-encrypted sensitive information
Reprogramming attack
Communicate with unauthenticated device DoS
3 adversaries:
Adversary with commercial ICD programmer
Passive adversary : eavesdrops communication
Active adversary : generate arbitrary RF
15. Attacks
Resource depletion attacks[27]
bladeRF. www.nuand.com
Pacemakers & ICDs :
software radio attacks
and Zero-Power
defenses[26]
Resource depletion
attacks[27]
pacemaker or ICD
insulin pumps
Forced authentication attack:
software defined radio (bladeRF[29]/hackRF[30])
Communications and computations
Security logs
16. Attacks
Pacemakers & ICDs :
software radio attacks
and Zero-Power
defenses[26]
Resource depletion
attacks[27]
pacemaker or ICD
insulin pumps
Pacemaker or ICD[32]
• Device shut-off
• Read and write
• Deliver electric shock up to 830 Volts
Insulin Pumps
• Supply more insulin[33]
• Hacking Medical Devices for Fun and Insulin: Brea-king
the Human SCADA System[34] Blackhat 2013
19. Criteria for
IMD
Safety and Utility
Goals
Security and
Privacy Goals
Data access
Data accuracy
Device identification
Configurability
20. Criteria for
IMD
Safety and Utility
Goals
Security and
Privacy Goals
Updatable software
Multi-device coordination
Auditable
Resource efficient
21. Criteria for
IMD
Safety and Utility
Goals
Security and
Privacy Goals
Authorization
• Personal
• Role-based
• IMD selection
Availability
Device software and testing
22. Criteria for
IMD
Safety and Utility
Goals
Security and
Privacy Goals
Device-existence privacy
Device-type privacy
Specific-device ID privacy
Measurement and log privacy
23. Criteria for
IMD
Safety and Utility
Goals
Security and
Privacy Goals
Bearer privacy
Data Integrity
26. Others work MedMon: with wireless monitoring and anomaly
detection[18]
• Snoops radio-frequency wireless
• Multi-layer anomaly detection
• Identify malicious transactions
• Response: passive (notify user) or active (jamming
packets)
IMDShield[16]
• Jam IMD’s messages and unauthorized commands
27. “At this time we believe that the risk is low and the
benefits of the therapy to people with diabetes outweigh the
Risk of an individual criminal attack”
Amanda McNulty Sheldon
Director of Public Relations for Medtronic Diabetes
http://www.bloomberg.com/video/87427352-mcafee-s-barnaby-on-medical-device-hacking.html
28. References
1. Deep brain neurosimulator. www.virtualworldlets.net. Web. 7 Aug 2014.
2. Gastric Stimulator. www.medicalexpo.com. Web. 7 Aug 2014.
3. Cochlear Implant. http://professionals.cochlearamericas.com. Web. 7 Aug 2014.
4. Implant Cardiac Defribillator. drivetheweb.com. Web. 7 Aug 2014.
5. Insulin pumps. www.medgadget.com. Web. 7 Aug 2014.
6. Wikipedia. http://en.wikipedia.org/wiki/Deep_brain_stimulation. Web. 8 Aug 2014.
7. Wikipedia. http://en.wikipedia.org/wiki/Cochlear_implant. Web. 8 Aug 2014.
8. Wikipedia. http://en.wikipedia.org/wiki/Implantable_gastric_stimulation. Web. 8 Aug 2014.
9. Wikipedia. http://en.wikipedia.org/wiki/Implantable_cardioverter-defibrillator. Web. 8 Aug 2014.
10. Wikipedia. http://en.wikipedia.org/wiki/Insulin_pump. Web. 8 Aug 2014.
11. Haugland, M., Childs, C., Ladouceur, M., Haase*, J., Sinkjær, T. (2000). An Implantable Foot Drop Stimulator. Proceedings of the 5th Annual IFESS
Conference, pp. 59-62. 2000.
12. Wikipedia. http://en.wikipedia.org/wiki/Foot_drop. Web. 8 Aug 214.
13. T. Buchegger, G. Obberger, A. Reisenzahn, E. Hochmair, A. Stelzer, and A. Springer, ‘‘Ultrawideband transceivers for cochlear implants,EURASIP J.
Appl. Signal. Process., vol. 2005, no. 18, pp. 3069–3075, 2005.
14. Fan, J., Reparaz, O., Rozic, V., Verbauwhede, I. (2013). Low-Energy Encryption for Medical Devices: Security Adds an Extra Design Dimension. Design
Automation Conference (DAC), 2013 50th ACM / EDAC / IEEE. May 29 2013-June 7 2013.
15. Malasri, K., Wang, L. (2008) Design and Implementation of a Secure Wireless Mote-Based Medical Sensor Network. UbiComp 2008, Sept 21-24, 2008,
Seoul, Korea.
16. IMDShield. http://groups.csail.mit.edu/netmit/IMDShield/. Web. 7 Aug 2014.
29. References
17. The eleven most implanted medical devices in America. http://247wallst.com/healthcare-economy/2011/07/18/the-eleven-most-implanted-medical-devices-in-america/
3/. Web. 12 Aug 2014.
18. Zhang, M., Raghunathan, A., Jha, N.K. (2013). MedMon : Securing Medical Devices Through Wireless Monitoring and Anomaly Detection. IEEE TRANSACTIONS
ON BIOMEDICAL CIRCUITS AND SYSTEMS, VOL. 7, NO. 6, DECEMBER 2013
19. Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D., Fu, K (2011). They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices.
SIGCOMM 2011, Aug 15-19, 2011, Toronto, ON, Canada.
20. C. Zhan, W. B. Baine, A. Sedrakyan, and S. Claudia. Cardiac device implantation in the US from 1997 through 2004: A population-based analysis. Journal of
General Internal Medicine, 2007.
21. Fu, K. (2009) Inside risks: Reducing risks of implantable medical devices. Communications of the ACM - One Laptop Per Child: Vision vs. Reality CACM Homepage
archive, Volume 52 Issue 6, June 2009 Pages 25-27, ACM New York, NY, USA.
22. Halperin, D. ; Kohno, T. ; Heydt-Benjamin, T.S. ; Fu, K. ; Maisel, W.H. (2008). Security and Privacy for Implantable Medical Devices. Pervasive Computing, IEEE
(Volume:7 , Issue: 1 ). Date of Publication: Jan.-March 2008. IEEE
23. W. H. Maisel. Safety issues involving medical devices: Implications of recent implantable cardioverter-defibrillator malfunctions. Journal of the American Medical
Association, 2005.
24. ETSI EN 301 839-1 V 1.3.1 (2009-10). Electromagnetic compatibility and Radio spectrum Matters (ERM); Short Range Devices (SRD); Ultra Low Power Active
Medical Implants (ULP-AMI) and Peripherals (ULP-AMI-P) operating in the frequency range 402 MHz to 405 MHz; Part 1: Technical characteristics and test
methods
25. Medical Implant Communication Service. http://en.wikipedia.org/wiki/Medical_Implant_Communication_Service. Web. 13 Aug 2014.
26. Halperin, D. ; Heydt-Benjamin, T.S. ; Ransford, B. ; Clark, S.S. ; Defend, B. ; Morgan, W. ; Fu, K. ; Kohno, T. ; Maisel, W.H. (2008) Pacemakers and Implantable
Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses. Security and Privacy, 2008. SP 2008. IEEE Symposium. Publication Year: 2008 , Page(s):
129 – 142.
30. References
27. Hei, X., Du, X., Wu, J., Hu, F. (2010). Defending Resource Depletion Attacks on Implantable Medical Devices. Global Telecommunications Conference
(GLOBECOM 2010),IEEE.
28. Gupta, S.(2012). Implantable Medical Devices-Cyber Risks and Mitigation Approaches. Presentation. NIST Cyber Physical Systems Workshop. April 23-
24, 2012.
29. BladeRF, Software defined Radio. www.nuand.com. Web. 17 Aug 2014.
30. hackRF, open source software defined radio. http://greatscottgadgets.com/hackrf/. Web. 17 Aug 2014.
31. bladeRF. https://www.kickstarter.com/projects/1085541682/bladerf-usb-30-software-defined-radio. Web. 17 Aug 2014
32. Hacking implantable medical devices. http://resources.infosecinstitute.com/hcking-implantable-medical-devices/. Web. 17 Aug 2014.
33. McAfee’s Barnaby on Medical Device Hacking. http://www.bloomberg.com/video/87427352-mcafee-s-barnaby-on-medical-device-hacking.html.
Video. 17 Aug 2014.
34. Radcliffe, J. (2011). Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System.