Killed by code - mobile medical devices

There is a perfect storm of consumer electronics, mobile communications and customer need - the need to help people manage chronic diseases like Parkinson's, diabetes and MSA, and sustain life with pacemakers and ICDs.

  • 1. Killed by code
    Mob Sec Mobile Security Conference 4/11/2010 Herzliya
    Danny Lieberman – Software Associates.
  • 2. Agenda
    Mobile medical is hot
    Threat scenarios
    A threat model framework for secure code
  • 3. Mobile medical devices are hot
    Mobile consumer electronics creates potential for life-saving applications that are cheaper and more accessible than any other alternative.
    The FDA is not there yet.
    Neither is traditional IT security.
  • 4. Mobile medical applications
  • 5. Data tracking
    Who: Patients, care-givers, doctors
    What: Data acquisition
    Why: Controlling symptoms of chronic illness requires tracking data over long periods of time.
    • Glucose
    • Heart rate
    • Blood pressure
    • Dosage (insulin, dopamine …)
    • ...
    Platforms : Smart-phones, data & location-based services.
  • 10. Life-sustaining
    Who: Patients
    What: Implanted devices for cardiac pacing, defibrillation, drug delivery…
    Why: Sustain life
    Platforms : Embedded devices with mobile connectivity for remote monitoring & programming.
    Chronic heart disease
    “…the latest technology in a full complement of patient-focused CRM products”
  • 11. Threat Scenarios
  • 12. Threat scenario template
    An attacker may exploit vulnerabilities to cause damage to assets.
    Security countermeasures mitigate vulnerabilities and reduce risk.
  • 13. Radio attack scenario
    Threat T1 – A malicious attacker may exploit a clear text protocol and instruct an ICD to deliver a shock that would cause sudden cardiac death.
    Vulnerability V1 – Clear text communications protocol
    Countermeasure C1 – Encrypt network link
    Countermeasure C2 – Validate messages using secure tokens.
  • 14. Implantable Cardioverter Defibrillators
    In 2008, approximately 350,000 pacemakers and 140,000 ICDs were implanted in the US.
    Forecasted to $48BN in 2014.
    Proof of concept attack:
    • Reverse-engineered commands
    • Intercepted vital signs, history
    • Reprogrammed therapy settings
    • DoS to deplete battery
    • Directed the ICD to deliver 137V shocks that would induce ventricular fibrillation in a patient.
    2008 ICD vulnerability study
  • 19. Device defect attack scenario
    Threat T2 – An internal short circuit is undetected by the device control software and may be fatal.
    Vulnerability V2 – Software doesn’t monitor hardware malfunctions
    Countermeasure C3 – Notify customer service when hardware issue identified.
    Countermeasure C4 – Implement fail-safe function
    Device malfunction
  • 20. FDA device recalls
    At least 6 recalls were probably caused by software defects.
    The FDA issued 23 recalls of defective devices in H1/2010.
    All were “Class 1” :
    “reasonable probability that use of these products will cause serious adverse health consequences or death.”
  • 21. Malicious code attack scenario
    Threat T3 – Malicious code may be used in order to exploit multiple vulnerabilities and obtain patient information
    Vulnerability V3 – USB, and/or Internet access enabled
    Countermeasure C4 – Hardware toggle USB
    Countermeasure C5 – Network isolation
    Countermeasure C6 – Software security assessment
  • 22. Mobile clinical assistants
    Mobile imaging analysis devices used by hospital radiologists had unplanned Internet access.
    Over 300 devices infected by Conficker and taken out of service.
    Regulatory requirements mandated that the impacted hospitals would have to wait 90 days before the systems could be modified to remove the infections and vulnerabilities.
  • 23. Where is the FDA?
    The FDA has refocused regulation from patient safety to auditing manufacturers’ compliance with their own standards.
    If the FDA has approved a medical device, consumers cannot sue.
    “Riegel v. Medtronic”, 2008
  • 24. A threat model security framework
  • 25. Objectives
    Audit medical device manufacturer safety/security standards.
    Assess product risk
    Understand what threats count
    Prioritize countermeasures.
    Drive profits
  • 26. Assess product risk
  • 27. Understand what threats count
  • 28. Prioritize countermeasures
    Product management has 1 dollar in their pocket:
    Countermeasure C1 – Encrypt network link to ICD
    Countermeasure C21 – Validate POST requests with secure tokens.
    Countermeasure C3 – Wearable “cloaker” to ensure that only authorized programmers can interact with the device.
  • 29. Drive profits
    Transparency means more eyeballs can look at issues.
    More eyeballs reduces cost.
    More eyeballs means safer devices.
    Safer devices means more revenue.
    Medical device threat models are transparent.
  • 30. Sources
    Riegel v. Medtronic, Inc. http://www.law.cornell.edu/supct/html/06-179.ZS.html
    Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. Daniel Halperin et al. Proceedings of the 29th Annual IEEE Symposium on Security and Privacy, May 2008. http://www.secure-medicine.org/icd-study/icd-study.pdf
    Software transparency in imbedded medical devices http://www.softwarefreedom.org/resources/2010/transparent-medical-devices.html
    Prof. Nir Giladi, Tel Aviv Souraski Hospital Neurology Department, personal communication on data tracking for MSA patients
    Biotronik – cellular pacemaker, http://www.biotronik.com/en/us/19412
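
Countermeasure C2 from the radio attack scenario (slide 13), validating messages with secure tokens, sketched as an added example; it is not code from the presentation or from any device vendor. The frame layout, the shared key, the command name and the replay counter are assumptions made for illustration, and the sketch covers message authentication only, not the link encryption of C1.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                  # full HMAC-SHA256 output, in bytes
SAMPLE_KEY = b"\x11" * 32     # constructed demo key; a real key would be provisioned per device


def make_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Programmer side: counter (8 bytes, big-endian) || command || HMAC tag."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Device:
    """Device side: act on a command only if its token verifies and its counter is fresh."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0   # highest counter accepted so far

    def accept(self, frame: bytes):
        """Return the command bytes if the frame is valid, otherwise None."""
        if len(frame) < 8 + 1 + TAG_LEN:
            return None                      # truncated or empty command
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # forged or modified frame
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self._last_counter:
            return None                      # replay of a previously recorded frame
        self._last_counter = counter         # advance only after the tag has verified
        return body[8:]


if __name__ == "__main__":
    device = Device(SAMPLE_KEY)
    frame = make_frame(SAMPLE_KEY, 1, b"READ_TELEMETRY")   # hypothetical command name
    print(device.accept(frame))   # accepted
    print(device.accept(frame))   # same frame again: rejected as a replay
```

The counter is updated only after the tag verifies, so unauthenticated frames cannot push the device's replay window forward and lock out the legitimate programmer.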