Insecure pacemakers can be easily hacked

A group of researchers has discovered that it’s not that difficult for a “weak adversary” with limited resources and capabilities to fiddle with or even shut down a variety of insecure pacemakers and Implantable Cardioverter Defibrillators (ICDs), putting the lives of the individuals who use them in jeopardy.


The researchers’ findings

The researchers have intentionally used inexpensive commercial off-the-shelf equipment and a “black box” approach to reverse-engineering the communication protocol used by the device to “talk” to the device programmer – all to prove that the hacking of these devices is not just reserved for expert attackers.

“Implantable medical devices typically use proprietary protocols with no or limited security to wirelessly communicate with a device programmer,” they noted. “Our analysis of the proprietary protocol results in the identification of several protocol and implementation weaknesses.”

Some security measures have been implemented, but they were not enough. The researchers managed to reverse-engineer the long-range communication protocol, activate the ICD by bypassing the current activation procedure, and intercept, modify and deliver malicious instructions to the device.

They found that they could:

  • Collect personal information about the patients and info about their treatment
  • Mount DoS attacks against the devices (e.g. drain the ICD battery)
  • Mount replay attacks
  • Send arbitrary commands to the ICD.

None of these attacks require the attacker to be in close proximity to the patient – it’s enough that they are two to five meters away.

Possible countermeasures

The vulnerabilities they found apply to (at least) 10 types of ICDs that are currently on the market, all made by the same (unnamed) manufacturer. They, of course, shared the results of their research with the implant maker and, according to the BBC, the company has pushed out an update for the software that should limit the dangers to the patients.

Still, these devices are not as easy to update as (for example) smartphones, so I guess that the patients must go visit their doctor to implement it.

“Our results demonstrated that security-by-obscurity is a dangerous design approach that often conceals negligent designs. Therefore, it is important for the medical industry to migrate from weak proprietary solutions to well-scrutinised security solutions and use them according to the guidelines,” the researchers concluded.

In their paper, they provided several practical countermeasures to mitigate or even solve the issues they found, and they have even designed and verified a semi-offline key agreement protocol between the device programmer and the ICD that should keep the communication between the two secure.

Hacking medical devices and implants

They are not the first ones to point out the need for secure medical devices and implants.

Research scientist Marie Moe, who has a pacemaker herself, has been researching the topic and testing medical devices, and invited well-meaning hackers to do so as well.

Other researchers have been exploring the issue of brain implant hacking (“brainjacking”).