
Hacking A Bluetooth-Enabled Medical Device Is Too Easy


Presentation by Mike Kijewski, CEO, medcrypt at the Smart Health Conference 2018, held at Bally's Las Vegas on the 26-27th of April, 2018.

Published in: Healthcare


  1. HACKING A BLUETOOTH-ENABLED MEDICAL DEVICE IS TOO EASY
     Mike Kijewski, mike@medcrypt.co
  2. PREDICTION: >50% OF MEDICAL DEVICES WILL BE INTERNET-ENABLED BY 2030
  3. HEALTHCARE IS MOVING TO THE HOME
  4. WE ONLY GET PAID IF DEVICES ARE WORKING
  5. THERE’S AN INTERNET GATEWAY IN YOUR POCKET
  6. WE HACKED A DEVICE
  7. WE’RE NOT A HEDGE FUND
  8. COMMON AMBULATORY DEVICE ARCHITECTURE
     [Diagram: Measurement Device, BTLE, Basestation, WiFi, Cloud App, Mobile App]
  9. COMMON AMBULATORY DEVICE ARCHITECTURE
     [Same diagram] Measurement device packages data, broadcasts over BTLE V4.0
  10. COMMON AMBULATORY DEVICE ARCHITECTURE
     [Same diagram] Basestation sees advertised data, interprets measurement, sends to cloud app.
  11. COMMON AMBULATORY DEVICE ARCHITECTURE
     [Same diagram] Measurement is shown to user via mobile app.
  12. COMMON AMBULATORY DEVICE ARCHITECTURE
     [Same diagram, annotated]
     • Various BTLE vulnerabilities
     • Lack of encryption / TLS / data signing
  13. ANONYMIZED EXAMPLE HACK
     [Diagram: Raspberry Pi (Measurement Device), BTLE, Raspberry Pi (Basestation)]
  14. ANONYMIZED EXAMPLE HACK
     [Diagram: Raspberry Pi (Measurement Device), BTLE, Raspberry Pi (Basestation), Raspberry Pi (Hacker)]
  15. DEMO
  16. TECHNICAL REASONS FOR VULNERABILITY
     • Bluetooth advertising, not pairing
     • Data being sent in plain text
     • Bluetooth V4.0 is inherently insecure (key exchange vulnerability)
     • No signing of data
  17. TECHNICAL FIXES
     • Use BTLE V4.2 Bonding
     • Assign unique public/private keys to monitors, basestations
     • Encrypt data on monitor before transmit
     • Cryptographically sign data on monitor before transmit
     • Check data signature at basestation before reporting to cloud app
  18. ORGANIZATIONAL REASONS FOR VULNERABILITY
     • Research project becomes prototype, becomes MVP, becomes V1
     • Infinite number of feature requests, finite number of engineers
     • Need to launch by CES / RSNA / HIMSS / etc.
     • “Why would anyone actually want to hack this?”
  19. “Not a big deal because it would require physical proximity.”
  20. Takeaway #1: Security is not a distraction from your business; it’s imperative for the success of your business.
  21. Takeaway #2: If your device connects to a network, you’re an internet company.
  22. Things Internet Companies Do
     • Deliver product continuously
     • Only build what isn’t available as Open Source
     • Scour internet for known vulnerabilities
     • Pay hackers via “bug bounties”
  23. Takeaway #3:
  24. DOESN’T CARE ABOUT CERTIFICATIONS
  25. HOW WE’RE ADDRESSING THIS
     • Security software gets “baked in” your device’s software
     • Secure communications, instructions between devices
     • Monitor device behavior for suspicious behavior
     • Features designed specifically to meet FDA guidelines
  26. Final Thought: “Has this ever actually happened?”
  27. Questions? mike@medcrypt.co
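
The last two items under TECHNICAL FIXES (sign on the monitor, check at the basestation before reporting to the cloud app), as an added example that is not code from the presentation or from medcrypt. Assumptions: HMAC-SHA256 with a per-monitor secret stands in for the public/private-key signature the slide calls for, so that the sketch runs on the Python standard library alone; the frame layout, device ID, key and message counter are constructed, and the counter check adds replay rejection, which the slides do not cover.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16       # truncated HMAC-SHA256 tag length (assumption)
BODY_FMT = ">HIh"  # device id, message counter, signed reading (assumed layout)
BODY_LEN = struct.calcsize(BODY_FMT)

# Constructed per-monitor secret; a real device gets its own key at provisioning.
DEVICE_KEYS = {0x1001: bytes.fromhex("000102030405060708090a0b0c0d0e0f")}


def build_frame(device_id, counter, reading, key):
    """Monitor side: pack the measurement and append an authentication tag."""
    body = struct.pack(BODY_FMT, device_id, counter, reading)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Basestation:
    """Basestation side: verify each frame before anything goes to the cloud app."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}  # device id -> highest counter accepted so far

    def accept(self, frame):
        """Return the reading if the frame is authentic and fresh, else None."""
        if len(frame) != BODY_LEN + TAG_LEN:
            return None
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        device_id, counter, reading = struct.unpack(BODY_FMT, body)
        key = self.keys.get(device_id)
        if key is None:
            return None  # unknown monitor
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or modified in transit
        if counter <= self.last_counter.get(device_id, -1):
            return None  # replay of an earlier broadcast
        self.last_counter[device_id] = counter
        return reading


if __name__ == "__main__":
    key = DEVICE_KEYS[0x1001]
    station = Basestation(DEVICE_KEYS)
    genuine = build_frame(0x1001, 1, 120, key)
    print("genuine:", station.accept(genuine))
    print("replayed:", station.accept(genuine))
    spoofed = genuine[:6] + struct.pack(">h", 300) + genuine[8:]
    print("spoofed:", station.accept(spoofed))
```

The sketch covers authenticity and freshness only; the "encrypt data on monitor" fix is a separate step and is not shown.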
