Nearly a million new forms of malware are unleashed on the world every day. Manufacturers of software for smartphones, laptops and security cameras, as well as banks, retailers and government agencies, release upgrades frequently to try to protect customers and assets. Yet the millions of people with implanted medical devices typically never receive software upgrades to address security vulnerabilities for the gadgets in their bodies.
Industry analysts predict that by 2020 most of the 20 billion electronic devices on the market will be interconnected - and millions of these will be implantable medical devices.
Like other modern electronics, implantable medical devices are connected through wireless technologies. They include cardiac pacemakers and defibrillators for people with arrhythmia, insulin pumps for people with diabetes and brain neurostimulators for people with Parkinson’s disease. Many IMDs have sensors to monitor vital signs such as heart rate and transmit data to healthcare providers’ in real time. Doctors can evaluate patients remotely and, with a few simple adjustments, improve their conditions or even save their lives.
But along with their benefits, IMDs pose risks.
Hackers who gain access to confidential patient information could use malware as “ransomware.” Worse, they could put a patient with an implanted cardiac pacemaker into cardiac arrest. There are more than 225,000 such people in the United States alone.
To our knowledge, this kind of cyberattach has not happend yet, but security researchers have proved that it is possible.
Roman Lysecky is an Associate Professor of Electrical and Computer Engineering at the University of Arizona. Lysecky is pioneering technologies to enable IMDs to detect malware and help ensure they will continue functioning properly in a patient when their security is breached. He has built a prototype of a network-connected pacemaker and is running experiments based on case studies of malware infecting other types of embedded systems.
In one project funded by the National Science Foundation, he and co-principal investigator Jerzy Rozenblit, UA Distinguished Professor and Oglethorpe Endowed Chair in the Department of Electrical and Computer Engineering and professor of surgery in the College of Medicine, are developing runtime anomaly detection.
This technology exposes minuscule changes in the timing of how computations and data are transmitted from the pacemaker to a cardiac data log, revealing the potential presence of malware.
A pacemaker might be engineered to send data to the patient’s digital cardiac log every three milliseconds or to send specific types of data, such as ventricular or atrial readings, in less than 10 milliseconds. Any aberrations in these precisely timed processes could signal the presence of malware. The changes would immediately alert a doctor, who could then take action remotely, possibly with the patient never knowing of the harm averted.
Lysecky, recipient of a prestigious NSF Early Career Award, is also looking for malware mimicry, whereby hackers tweak functioning of IMDs in subtle ways to avoid detection.
His team, including doctoral students Sixing Lu and Minjun Seo, achieved a 100-percent detection rate for mimicry malware using runtime anomaly detection in the prototype pacemaker system. The researchers reported their findings for the 2015 Workshop on Embedded Systems Security and in the Institute of Electrical and Electronics Engineers’ Embedded Systems Letters in 2016.
Pacemakers are not yet required to have built-in detection and mitigation capabilities, but the pressure is building. The U.S. Food and Drug Administration has identified hundreds of medical devices infected by malware and first published recommendations in October 2014 for manufacturers to consider software protections throughout a product’s lifecycle. In December 2016 the agency issued security guidelines encouraging pacemaker manufacturers to regularly monitor, maintain and update software.
Lysecky is working on another project, with a grant from the Army Research Office, to make medical implants more resistant to side-channel attacks. He and co-principal investigator Janet Meiling Roveda, UA professor of electrical and computer engineering, are developing mathematical models to analyze changes not only in timing, but also in power consumption and electromagnetic radiation.
By analyzing data transmission timing, power consumption and electromagnetic radiation from a life-critical device such as a pacemaker, a hacker can extract data like cryptographic keys that are essential for shielding communications from unauthorized users.
Lysecky is one of many engineers, scientists and physicians throughout the UA working to improve cybersecurity for implantable medical devices, often in collaboration with the Arizona Center for Accelerated Biomedical Innovation.