research-article

On the (in)security of the latest generation implantable cardiac defibrillators and how to secure them

Authors:

Dave Singelée,

Flavio D. Garcia,

Rik Willems, and

Bart PreneelAuthors Info & Claims

ACSAC '16: Proceedings of the 32nd Annual Conference on Computer Security Applications

December 2016

Pages 226 - 236

https://doi.org/10.1145/2991079.2991094

Published: 05 December 2016 Publication History

Abstract

Implantable Medical Devices (IMDs) typically use proprietary protocols with no or limited security to wirelessly communicate with a device programmer. These protocols enable doctors to carry out critical functions, such as changing the IMD's therapy or collecting telemetry data, without having to perform surgery on the patient. In this paper, we fully reverse-engineer the proprietary communication protocol between a device programmer and the latest generation of a widely used Implantable Cardioverter Defibrillator (ICD) which communicate over a long-range RF channel (from two to five meters). For this we follow a black-box reverse-engineering approach and use inexpensive Commercial Off-The-Shelf (COTS) equipment. We demonstrate that reverse-engineering is feasible by a weak adversary who has limited resources and capabilities without physical access to the devices. Our analysis of the proprietary protocol results in the identification of several protocol and implementation weaknesses. Unlike previous studies, which found no security measures, this article discovers the first known attempt to obfuscate the data that is transmitted over the air. Furthermore, we conduct privacy and Denial-of-Service (DoS) attacks and give evidence of other attacks that can compromise the patient's safety. All these attacks can be performed without needing to be in close proximity to the patient. We validate that our findings apply to (at least) 10 types of ICDs that are currently on the market. Finally, we propose several practical short- and long-term countermeasures to mitigate or prevent existing vulnerabilities.

References

[1]

DAQ NI USB-6351. http://www.ni.com.

[2]

Federal Communications Commission (FCC) ID. http://www.fcc.gov/encyclopedia/fcc-search-tools.

[3]

LabVIEW. http://www.ni.com/labview.

[4]

NI USRP-2920. http://www.ni.com.

[5]

M. Abadi and C. Fournet. Mobile values, new names, and secure communication. In Symposium on Principles of Programming Languages (POPL), 2001.

Digital Library

[6]

B. Blanchet, B. Smyth, and V. Cheval. ProVerif 1.88: Automatic cryptographic protocol verifier, user manual and tutorial, 2013.

[7]

L. Chunxiao, A. Raghunathan, and N. Jha. Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system. In e-Health Networking Applications and Services, 13th IEEE International Conference on, pages 150--156, Jun 2011.

[8]

F. D. Garcia, G. Koning Gans, R. Muijrers, P. Rossum, R. Verdult, R. W. Schreur, and B. Jacobs. Dismantling mifare classic. In Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security, ESORICS '08, pages 97--114, Berlin, Heidelberg, 2008. Springer-Verlag.

Digital Library

[9]

F. D. Garcia, D. Oswald, T. Kasper, and P. Pavlidès. Lock it and still lose it --- on the (in)security of automotive remote keyless entry systems. In 25th USENIX Security Symposium (USENIX Security 16), Austin, TX, Aug. 2016. USENIX Association.

[10]

S. Gollakota, H. Hassanieh, B. Ransford, D. Katabi, and K. Fu. They Can Hear Your Heartbeats: Non-invasive Security for Implantable Medical Devices. SIGCOMM Comput. Commun. Rev., 41(4):2--13, Aug. 2011.

Digital Library

[11]

T. Halevi and N. Saxena. On pairing constrained wireless devices based on secrecy of auxiliary channels: the case of acoustic eavesdropping. In Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4--8, 2010, pages 97--108, 2010.

Digital Library

[12]

D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W. H. Maisel. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Proceedings of the 29th Annual IEEE Symposium on Security and Privacy, pages 129--142, May 2008.

Digital Library

[13]

X. Hei, X. Du, J. Wu, and F. Hu. Defending resource depletion attacks on implantable medical devices. In Global Telecommunications Conference (GLOBECOM 2010), 2010 IEEE, pages 1--5, Dec 2010.

[14]

P. Koopman and T. Chakravarty. Cyclic redundancy code (crc) polynomial selection for embedded networks. In Dependable Systems and Networks, 2004 International Conference on, pages 145--154, June 2004.

Digital Library

[15]

E. Marin, E. Argones Rúa, D. Singelée, and B. Preneel. A survey on physiological-signal-based security for medical devices. Cryptology ePrint Archive, Report 2016/188, 2016. http://eprint.iacr.org/.

[16]

E. Marin, D. Singelée, B. Yang, I. Verbauwhede, and B. Preneel. On the feasibility of cryptography for a wireless insulin pump system. In Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, CODASPY '16, pages 113--120, New York, NY, USA, 2016. ACM.

Digital Library

[17]

J. Proakis and M. Salehi. Digital Communications. McGraw-Hill higher education. McGraw-Hill Education, 2007.

[18]

K. B. Rasmussen, C. Castelluccia, T. S. Heydt-Benjamin, and S. Capkun. Proximity-based access control for implantable medical devices. In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS '09, pages 410--419, New York, NY, USA, 2009. ACM.

Digital Library

[19]

M. Rostami, W. Burleson, F. Koushanfar, and A. Juels. Balancing security and utility in medical devices? In The 50th Annual Design Automation Conference 2013, DAC '13, Austin, TX, USA, May 29 - June 07, 2013, pages 13:1--13:6, 2013.

Digital Library

[20]

M. Rostami, A. Juels, and F. Koushanfar. Heart-to-heart (H2H): authentication for implanted medical devices. In 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS'13, Berlin, Germany, November 4--8, 2013 {20}, pages 1099--1112.

Digital Library

[21]

N. O. Tippenhauer, L. Malisa, A. Ranganathan, and S. Capkun. On limitations of friendly jamming for confidentiality. In Security and Privacy (SP), 2013 IEEE Symposium on, pages 160--173, May 2013.

Digital Library

[22]

F. Xu, Z. Qin, C. C. Tan, B. Wang, and Q. Li. Imdguard: Securing implantable medical devices with the external wearable guardian. In INFOCOM 2011. 30th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 10-15 April 2011, Shanghai, China, pages 1862--1870, 2011.

Cited By

Dansarie M(2024)Security Issues in Special-Purpose Digital Radio Communication Systems: A Systematic ReviewIEEE Access10.1109/ACCESS.2024.342009112(91101-91126)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3420091
Mahmud SZareen FOlney BKaram R(2024)Enhancing the Reliability of Closed-Loop Medical Systems with Real-Time Biosignal ModelingJournal of Hardware and Systems Security10.1007/s41635-023-00140-48:1(12-24)Online publication date: 4-Jan-2024
https://doi.org/10.1007/s41635-023-00140-4
Mitra AChowdhury D(2024)Guarding the Beats by Defending Resource Depletion Attacks on Implantable Cardioverter DefibrillatorsProceedings of the Tenth International Conference on Mathematics and Computing10.1007/978-981-97-2069-9_17(231-243)Online publication date: 30-Jun-2024
https://doi.org/10.1007/978-981-97-2069-9_17
Show More Cited By

Recommendations

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
SP '08: Proceedings of the 2008 IEEE Symposium on Security and Privacy

Our study analyzes the security and privacy properties of an implantable cardioverter defibrillator (ICD). Introduced to the U.S. market in 2003, this model of ICD includes pacemaker technologyand is designed to communicate wirelessly with a nearby ...
Read More
Fuzzy logic-based diagnostic algorithm for implantable cardioverter defibrillators

Objective: The paper presents a diagnostic algorithm for classifying cardiac tachyarrhythmias for implantable cardioverter defibrillators (ICDs). The main aim was to develop an algorithm that could reduce the rate of occurrence of inappropriate ...
Read More
Securing implantable cardiac medical devices: use of radio frequency energy harvesting
TrustED '13: Proceedings of the 3rd international workshop on Trustworthy embedded devices

Implantable Medical Devices (IMDs) are surgically implanted into a human body to collect physiological data and perform medical therapeutic functions. They are increasingly being used to improve the quality of life of patients by treating chronic ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSAC '16: Proceedings of the 32nd Annual Conference on Computer Security Applications

December 2016

614 pages

ISBN:9781450347716

DOI:10.1145/2991079

Conference Chair:
Stephen Schwab
USC Information Sciences Institute
,
Program Chairs:
Wil Robertson
Northeastern University
,
Davide Balzarotti
Eurecom

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 December 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

ACSAC '16

Sponsor:

ACSA

ACSAC '16: 2016 Annual Computer Security Applications Conference

December 5 - 8, 2016

California, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

45
Total Citations
View Citations
415
Total Downloads

Downloads (Last 12 months)48
Downloads (Last 6 weeks)5

Other Metrics

View Author Metrics

Citations

Cited By

Dansarie M(2024)Security Issues in Special-Purpose Digital Radio Communication Systems: A Systematic ReviewIEEE Access10.1109/ACCESS.2024.342009112(91101-91126)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3420091
Mahmud SZareen FOlney BKaram R(2024)Enhancing the Reliability of Closed-Loop Medical Systems with Real-Time Biosignal ModelingJournal of Hardware and Systems Security10.1007/s41635-023-00140-48:1(12-24)Online publication date: 4-Jan-2024
https://doi.org/10.1007/s41635-023-00140-4
Mitra AChowdhury D(2024)Guarding the Beats by Defending Resource Depletion Attacks on Implantable Cardioverter DefibrillatorsProceedings of the Tenth International Conference on Mathematics and Computing10.1007/978-981-97-2069-9_17(231-243)Online publication date: 30-Jun-2024
https://doi.org/10.1007/978-981-97-2069-9_17
Zhang JZheng YXu WChen Y(2023)H2K: A Heartbeat-Based Key Generation Framework for ECG and PPG SignalsIEEE Transactions on Mobile Computing10.1109/TMC.2021.309638422:2(923-934)Online publication date: 1-Feb-2023
https://doi.org/10.1109/TMC.2021.3096384
Vishwakarma RMonani RRezaei ASayadi HAliasgari MHedayatipour A(2023)Attacks on Continuous Chaos Communication and Remedies for Resource Limited Devices2023 24th International Symposium on Quality Electronic Design (ISQED)10.1109/ISQED57927.2023.10129355(1-8)Online publication date: 5-Apr-2023
https://doi.org/10.1109/ISQED57927.2023.10129355
Puri MGochhait S(2023)Data Security in Healthcare: Enhancing the Safety of Data with CyberSecurity2023 8th International Conference on Communication and Electronics Systems (ICCES)10.1109/ICCES57224.2023.10192596(1779-1783)Online publication date: 1-Jun-2023
https://doi.org/10.1109/ICCES57224.2023.10192596
Ksibi SJaidi FBouhoula A(2023)IoMT Applications Perspectives: From Opportunities and Security Challenges to Cyber-Risk ManagementDecision Making and Security Risk Management for IoT Environments10.1007/978-3-031-47590-0_2(21-37)Online publication date: 10-Oct-2023
https://doi.org/10.1007/978-3-031-47590-0_2
Mahmud SKeller MAhmed SKaram R(2023)FAMID: False Alarms Mitigation in IoMT DevicesInternet of Things. Advances in Information and Communication Technology10.1007/978-3-031-45878-1_14(199-217)Online publication date: 26-Oct-2023
https://doi.org/10.1007/978-3-031-45878-1_14
Bour GLie AKok JMarkussen BMoe MBorgaonkar R(2023)Security Analysis of the Internet of Medical Things (IoMT): Case Study of the Pacemaker EcosystemBiomedical Engineering Systems and Technologies10.1007/978-3-031-38854-5_5(73-96)Online publication date: 23-Jul-2023
https://doi.org/10.1007/978-3-031-38854-5_5
Mahmud SZareen FOlney BFernandes A. MKaram R(2022)Trojan Resilience in Implantable and Wearable Medical Devices with Virtual Biosensing2022 IEEE 40th International Conference on Computer Design (ICCD)10.1109/ICCD56317.2022.00091(577-584)Online publication date: Oct-2022
https://doi.org/10.1109/ICCD56317.2022.00091
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents