Researchers at Belgium’s KU Leuven University examined 10 device, specifically implantable cardioverter defibrillators. The team used only commercial, off the shelf items and had no prior knowledge of the devices, but were able to break the device’s supposedly secure communications protocols.
The team were able to hack the devices from up to 5 meters away, gaining the ability to shut off and inappropriately activate the implantables and intercept private patient data sent by them.
“Our results demonstrated that security-by-obscurity is a dangerous design approach that often conceals negligent designs. Therefore, it is important for the medical industry to migrate from weak proprietary solutions to well-scrutinized security solutions and use them according to the guidelines,” researchers wrote in their report.
“Our work revealed serious protocol and implementation weaknesses on widely used ICDs, which lead to several active and passive software radio-based attacks that we were able to perform in our laboratory,” researchers wrote.
In the 1st attack, the researchers repeatedly sent messages over long-range communications channels to an ICD, keeping the device alive while in its ‘standby’ mode. Doing this provided 2 outcomes – either draining the battery life, or giving the hypothetical hackers time to send malicious messages to the device to compromise it, and its user’s safety.
In a 2nd attack, researchers attempted to compromise the patient’s privacy, and found that the sequence used to obfuscate the data was easily overcome, but that it was also the same across all devices studied in the project.
The team didn’t only offer gloom, and provided possible countermeasures to overcome the flaws they found in the devices.
“We proposed short-term and long-term countermeasures. As a short-term countermeasure, the only solution is to use jamming as a defensive mechanism. As long-term countermeasures, external devices could send a “shutdown”message to the ICD so that the ICD can immediately switch to “sleep” mode after the communication ends. Moreover, we designed and formally verified a semi-offline key agreement protocol between the device programmer and the ICD,” researchers wrote in their report.