Hackers Outsmart Pacemakers, Fitbits: Worried Yet?
Mobile health devices aren't as secure as you might think. Look at how researchers plan to strengthen security for consumer devices and regulated medical devices.
![](https://eu-images.contentstack.com/v3/assets/blt69509c9116440be8/blt1eb9f1296298c811/64cb573d432d4b3e264c5ead/defibrillator-wikipedia.jpg?width=700&auto=webp&quality=80&disable=upscale)
Connected medical devices, together with the proliferation of consumer health-monitoring gadgets, hold great promise for remote patient monitoring and digital health management. Yet many of these devices are laughably -- perhaps even dangerously -- insecure and lacking in privacy protections.
In the last five years, cybersecurity researchers have demonstrated the potential to hacks pacemakers, defibrillators, insulin pumps, and other devices that could have life-or-death consequences. The wireless data links used to retrieve data and send instructions are often unencrypted. Authentication methods are often weak, and the password might even be hard coded into the device firmware. Some of the greatest concerns revolve around wireless communications for devices that patients take home with them (sometimes implanted in the body).
Consumer health monitoring devices turn out to have similar vulnerabilities. Though hacking a Fitbit won't have consequences on the same scale as compromising a pacemaker, increasing interconnectedness will demand more attention to security and privacy across the spectrum of medical and consumer health devices.
Click the image below for a slideshow on the vulnerabilities of health devices.
One of the most famous recipients of a cardiac defibrillator, former Vice President Dick Cheney, was concerned enough about the risks of hacking that he and his doctor had the device's wireless capabilities deactivated when it was replaced in 2007.
His concern came to light in a 60 Minutes interview in October, when Cheney and his cardiologist, Dr. Jonathan Reiner, were promoting a book they wrote together. The writers of the Showtime drama Homeland might have caught wind of this. A December 2012 episode featured the assassination of a vice president by hacking his pacemaker and stopping his heart.
By all accounts, such hacks are still limited to fiction and the nightmares of academic cybersecurity researchers, who typically take care to say the benefits of devices like pacemakers far outweigh the risks. Still, Cheney was not necessarily being excessively paranoid. Medical devices are essentially a special case of the embedded systems that have been subject to state-sponsored attacks -- think of the purported use of Stuxnet against Iranian nuclear facilities.
"I absolutely think that's reasonable for the vice president of the most powerful country in the world, because those attacks, while theoretical, are very plausible," Jay Radcliffe of the Washington security consulting firm InGuardians, who has studied medical device vulnerabilities, told us. "Just like the VP doesn't get a normal car or a normal cellphone, to me, not having a normal pacemaker is right in line with those other things." For everyone else, he said, the risk of a malicious attack is minimal.
Radcliffe's most notable contribution to the literature on medical device risks was a demonstration of how to hack an insulin pump wirelessly at the 2011 Black Hat conference. He's a diabetic, so he takes seriously the risk of reprogramming a pump to deliver a dangerously high dose of insulin. Though he tries to avoid being an alarmist, "my biggest fear as a researcher is that people are going to say, 'Oh, nobody's going to die from this, so we shouldn't worry about it,'" he told us. If left unaddressed, the risks could turn real. That makes it important to "push forward to try to make these devices safer for everybody."
Recently, Radcliffe highlighted how easily a simple reset of his current insulin pump could cause it to "forget" how much insulin it previously pumped into his body, resulting in an excessive dose. This wasn't the result of a hack -- he found it to be a danger after he changed the battery -- but it hints at broader problems with the embedded software's fragility.
One strategy researchers have investigated for protecting medical devices is jamming signals from any device other than the one expected to interface with the device. This was laid out in a SIGCOMM '11 paper. Nevertheless, medical device security remains a work in progress. Security researchers have raised enough alarms to prompt FDA guidance on the need for device manufacturers to take security into account. However, it will be years before devices implemented to those higher standards hit the market.
While hospitals and healthcare providers wait for new, improved devices, they can take other measures to address the security of devices on their networks. These include taking inventory of the devices they use and prescribe, understanding their security (or lack thereof), and monitoring the traffic they generate. Hospitals might want to implement VLANs for medical devices -- virtually partitioning a portion of the local area network (or wireless network) to carry medical device traffic and keeping it separate from the network used for other hospital business.
Though cybersecurity researchers are constructing better defenses for medical device data links, other researchers have demonstrated the potential for bypassing those defenses entirely. This potential was presented in a paper from the Proceedings of the 2013 IEEE Symposium on Security and Privacy.
Instead of attacking network traffic or device software, researchers demonstrated how to manipulate medical sensors with electromagnetic interference to output false readings. Rather than exploiting a wireless connection, they showed how radio energy beamed at a device could affect the sensors responsible for measuring heart activity or other physiological signs, causing those sensors to malfunction in predictable ways.
To test the potential of medical sensor hacks more realistically, University of Michigan researchers implanted devices in an artificial cadaver. In this photo, Kevin Fu and Denis Foo Kune are testing how well signals penetrate simulated flesh.
This testing showed some good news: Successful hacks are unlikely in the near future. Though they demonstrated the ability to manipulate external devices from a range of one or two meters, successful attacks on embedded devices were limited to two or three centimeters. The researchers also demonstrated potential defenses, such as the ability for the embedded software to detect an anomaly and revert to a safe state.
(Source: Joseph Xu, University of Michigan)
Some of the excitement and concern about the future of health devices revolve around the potential to be more connected -- to one another and to Internet services or a doctor's electronic health records system.
This image from Dartmouth's Institute for Security Technology and Society shows how a single person might wind up with a whole network of personal devices, ranging from implanted medical devices such as an insulin pump to consumer health sensors for movement or weight, with a smartphone acting as a gateway to remote medical services.
Personal health gadgets pose their own risks but also could be part of the solution. The Amulet Project, led by researchers from Dartmouth College and Clemson University, seeks to produce a piece of "computational jewelry" that could act as a secure hub for an individual's body-based network. Prototypes have been created using devices such as the Motorola MOTOACTV wristband (seen here). The Amulet device would take responsibility for secure connections among health and medical devices and external services, minimizing the computational burden on individual devices.
The Fitbit wearable health monitoring device and related gadgets such as wireless scales allow people to track their activity and share it in a social media environment (for self-improvement) or even on public social networks. This introduces some potential for oversharing, as in some examples from a couple of years ago, when the company was embarrassed by users publishing their sexual activity.
Florida International University professor Bogdan Carbunar and his students found that the devices use insecure communication protocols that leave them vulnerable to data breaches and tampering. The concerns surrounding these medical devices mostly pertain to privacy, as opposed to hackers trying to stop your heart. However, Carbunar said some social websites and applications offer prizes and incentives based on performance measured by these devices, and insurers have expressed interest in offering better rates to people who present evidence that they are exercising regularly, as metered by a consumer electronic device. In other words, where the potential for tampering exists, so does the potential for fraud.
One defense is to implement "sanity checks" against data that is unrealistic or inconsistent, Carbunar told us. As this Fitbit dashboard report shows, researchers were able to convince the system that the user had taken more than 12 million steps in a day -- while travelling only 0.02 miles. "The Fitbit accepted this data, without complaint. These are things you can easily handle," provided you're looking for them.
In addition to their collection of Fitbit hacking tools, the FIU researchers produced a proof-of-concept demonstration they call FitLock. Lacking access to the Fitbit application programming interfaces, they implemented their demonstration on Android devices to show how better security could be produced without excessive computational overhead or power demands.
The Fitbit's vulnerabilities are not unique -- Carbunar said his team is finding similar problems with the Garmin Forerunner, a health-monitoring wristwatch.
More health gadgets are coming, and they're becoming more connected all the time, as shown by this catalogue of devices supported by the Microsoft Health Vault personal health record application. The challenge is to enjoy the benefits of these connections while keeping the hazards of medical and health device security wholly hypothetical.
Related posts:
Mobile App Security: 5 Frequent Woes Persist
Medical Device Security: A Work In Progress
Malware Threatens Medical Device Security
Insulin Pump Hack Controversy Grows
Hacked Medical Device Sparks Congressional Inquiry
Follow David F. Carr on Twitter @davidfcarr or Google+. He is the author of Social Collaboration For Dummies (October 2013).
More health gadgets are coming, and they're becoming more connected all the time, as shown by this catalogue of devices supported by the Microsoft Health Vault personal health record application. The challenge is to enjoy the benefits of these connections while keeping the hazards of medical and health device security wholly hypothetical.
Related posts:
Mobile App Security: 5 Frequent Woes Persist
Medical Device Security: A Work In Progress
Malware Threatens Medical Device Security
Insulin Pump Hack Controversy Grows
Hacked Medical Device Sparks Congressional Inquiry
Follow David F. Carr on Twitter @davidfcarr or Google+. He is the author of Social Collaboration For Dummies (October 2013).
-
About the Author(s)
You May Also Like