On the (in)security of the latest generation implantable cardiac defibrillators and how to secure them

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Authors

  • Eduard Marin
  • Dave Singelée
  • Rik Willems
  • Bart Preneel

Colleges, School and Institutes

External organisations

  • ESAT-COSIC and iMinds, KU Leuven, Belgium
  • University Hospital Gasthuisberg, Leuven, Belgium
  • ESAT-COSIC and iMinds, KU Leuven, Belgium

Abstract

Implantable Medical Devices (IMDs) typically use proprietary protocols with no or limited security to wirelessly communicate with a device programmer. These protocols enable doctors to carry out critical functions, such as changing the IMD's therapy or collecting telemetry data, without having to perform surgery on the patient. In this paper, we fully reverse-engineer the proprietary communication protocol between a device programmer and the latest generation of a widely used Implantable Cardioverter Defibrillator (ICD) which communicate over a long-range RF channel (from two to five meters). For this we follow a black-box reverse-engineering approach and use inexpensive Commercial Off-The-Shelf (COTS) equipment. We demonstrate that reverse-engineering is feasible by a weak adversary who has limited resources and capabilities without physical access to the devices. Our analysis of the proprietary protocol results in the identification of several protocol and implementation weaknesses. Unlike previous studies, which found no security measures, this article discovers the first known attempt to obfuscate the data that is transmitted over the air. Furthermore, we conduct privacy and Denial-of-Service (DoS) attacks and give evidence of other attacks that can compromise the patient's safety. All these attacks can be performed without needing to be in close proximity to the patient. We validate that our findings apply to (at least) 10 types of ICDs that are currently on the market. Finally, we propose several practical short- and long-term countermeasures to mitigate or prevent existing vulnerabilities.

Details

Original languageEnglish
Title of host publicationProceedings of 32nd Annual Computer Security Applications Conference (ACSAC 2016)
Publication statusPublished - 5 Dec 2016
Event32nd Annual Computer Security Applications Conference (ACSAC 2016) - Los Angeles, CA, United States
Duration: 5 Dec 20169 Dec 2016

Conference

Conference32nd Annual Computer Security Applications Conference (ACSAC 2016)
CountryUnited States
CityLos Angeles, CA
Period5/12/169/12/16