New firewall safeguards against medical-device hacking
Researchers at Purdue and Princeton universities have created a prototype firewall to block hackers from interfering with wireless medical devices such as pacemakers, insulin-delivery systems and brain implants.
The team had previously demonstrated how medical devices could be hacked, potentially leading to catastrophic consequences.
“You could imagine all sorts of scary possibilities,” said Anand Raghunathan, a Purdue professor of electrical and computer engineering. “What motivated us to work on this problem was the ease with which we were able to break into wireless medical systems.”
Raghunathan is working with Niraj K. Jha, a Princeton professor of electrical engineering, and Chunxiao Li and Meng Zhang, both Princeton graduate students in electrical engineering. He discussed the new concept and prototype during the Purdue Center for Implantable Devices Symposium earlier this year.
The potentially vulnerable devices include pacemakers and continuous glucose monitoring and insulin delivery systems for patients with diabetes, now in use by hundreds of thousands of people. Brain implants under development to control epilepsy and “smart prosthetics” operated using electronic chips also could be hacked, Jha said.
He stressed that the risk of devices being hacked is low but that security measures are merited before “attacks” in the lab are replicated on real systems.
“The benefits of pacemakers and insulin delivery systems far outweigh the remote risks posed by possible hackers,” Jha said.
The team has created a prototype system called MedMon, for medical monitor, which acts as a firewall to prevent hackers from hijacking the devices. They demonstrated how MedMon could protect a diabetes system consisting of a glucose monitor and an insulin pump, which communicate with each other wirelessly.
“It’s an additional device that you could wear, so you wouldn’t need to change any of the existing implantable devices,” Raghunathan said. “This could be worn as a necklace, or it could be integrated into your cell phone, for example.”
The researchers detailed earlier findings in a paper presented last year during the IEEE 13th International Conference on e-Health Networking, Applications and Services (Healthcom).
Many implantable devices have wireless transmitters and receivers, which enable health-care providers to perform diagnostics and to download data.
“For example, a diagnostic test is performed periodically to make sure they are running properly,” Jha said. “And during health emergencies, medical personnel must be able to access the systems.”
However, having wireless access also opens the door to potential hackers, who might alter the insulin dosage or direct pacemakers to malfunction, harming or killing a patient.
“Very little work exists on this important topic, and the security vulnerabilities of such systems are not well understood,” Jha said.
The MedMon prototype, which has been tested and shown to protect an insulin pump from hacking, monitors communications going into and coming out of any implantable or wearable medical device. It uses “multi-layered anomaly detection” to identify potentially malicious transactions. Upon detecting potentially malicious activity, the firewall can raise an alarm to the user or block “malicious packets” from reaching the medical device by using electronic jamming similar to technology used in military systems.
The prototype is a proof of concept and would need to be miniaturized. A provisional patent application has been filed on the concept.
“This is still not going to solve privacy concerns,” said Raghunathan, a member of Purdue’s Center for Implantable Devices. “Someone could still learn that you have a medical device, but hopefully they are not going to be able to do anything bad to you. It is extremely difficult to make a system completely impregnable.”
The researchers previously described two other potential solutions in a paper presented during last year’s IEEE Healthcom conference. One of those concepts is based on a cryptographic technique now seen in automotive keyless entry systems and garage-door openers, and the other would use “body-coupled communication,” which involves transmitting signals on a patient’s skin.
The research has been funded by the National Science Foundation. Information about the Purdue Center for Implantable Devices, in the university’s Weldon School of Biomedical Engineering, is available here.