Medical Monitoring & Remote Programming: How to Hack Grandpa's ICD

Tuesday, March 30, 2010

How to Hack Grandpa's ICD

I've discussed possible communications security problems with implanted devices in an earlier post. The link below provides a link to a University of Washington study that was published in 2008 in IEEE Symposium on Security and Privacy. Here's a link to the University of Washington article.

Researchers find implantable cardiac defibrillators may expose patients to security and privacy risks

The article includes a link to the published paper. I suggest that you download the paper and read it.

Although the article was published in 2008, I believe it still has relevance. First, it references a Medtronic Carelink Home Monitoring unit that I am quite certain is still in widespread use. Second, they reverse engineered the Medtronic unit to create their own system that could mimic the Medtronic unit. Although I am not an electrical engineer by any stretch of the imagination, I can attest to soundness of their methods. I have worked with a variety of engineers who have tested communications system security using similar methods. Furthermore, I have worked with engineers who have successfully cracked harden communications systems. Thus I shall continue to monitor developments and findings in this field because this could impact the engineering of the communications systems for remote monitoring and programming.

One of the flaws in the Medtronic unit that made reverse engineering relatively easy was that the data was not encrypted. I do not know if currently any or all communications between home monitoring units from any device company and implanted devices is encrypted. Encryption adds significant overhead to communications. Thus it makes the communication between the device and a home monitoring unit significantly longer. It can impact battery life because encrypted transmissions have more bytes to transmit.

One of the potential limitations to hacking implant radio communications is the extremely low power level of that communication. The low power levels suggest that the hacker would have to be in close proximity to the device, within three meters. However, their article did not extensively investigate the communications distance issue or methods that might be used to get around the proximity problem.

Third, the authors also had access to a Medtronic programmer. A study of the operations of the programmer enable the authors extend their capabilities to hack communications with the implanted device.

The scariest part of the article is a discussion of how it would be possible to kill a person with an ICD using the device they constructed. Here's that section of the article (edited):

Inducing fibrillation

During implantation surgery, it is common for a physician to test the newly implanted ICD to ensure that it can both sense and appropriately treat a cardiac
condition known as ventricular fibrillation (V-Fib), one of the most common kinds of heart rhythm problems. Accordingly, the ICD has several testing modes in which it can induce VFib. Such a test — called an electrophysiological (EP) study — is normally conducted with cardiologists standing by to stop the fibrillation if the ICD fails to do so. ... [a] programmer sends the ICD a sequence of commands that ... [a] shock to be applied to the patient’s heart at a precise point in the patient’s cardiac rhythm, with the goal of inducing V-Fib. When its automatic therapies are enabled, the ICD should immediately detect and treat the fibrillation by delivering the proper therapy. ... We then used our commercial programmer to conduct an EP study ... We then replayed a recording of the EP study command sequence via our software radio. At least three of 30 replay attempts succeeded. We successfully triggered command shocks via replayed commands even after turning off all of the
ICD’s automatic therapies.
Quoted from:
Halperin, D, Heydt-Benjamin, T., Ransford, B., Clark, S., Defend, B., Morgan, W., Fu, K., Kohno, T., Maisel, W. Pacemakers and Implantable Cardiac Defibrillators:
Software Radio Attacks and Zero-Power Defenses, IEEE Symposium on Security and Privacy, 2008, pp 1-14.

3 comments:

RemoteProgrammerGuruThursday, April 8, 2010 at 8:58:00 PM PDT
I am a bit surprised that no one has commented on this post. I found it disturbing that a wireless ICD or pacemaker could be hacked. Maybe I'm more sensitive to the issues because ... interesting enough ... I'm a founder of a data & voice communications security company. Thus, I have a pretty good sense that the authors of the article have a pretty good handle on the potential security problems with wireless devices, especially if they can be reprogrammed using wireless.

Comments?
ReplyDelete
Replies
AnonymousFriday, April 9, 2010 at 5:58:00 PM PDT
It is interesting to consider the reaction the Heart Rhythm Society had to this article. Their statement on this publication indicated:
“Although the experiment by Dr. Maisel and colleagues is a technical study that may be of interest to
engineers who design wireless transmission systems, the results do not have any important
implications for patients and there is no reason for alarm,” said Dr. Bruce Lindsay, President of
the Heart Rhythm Society.
“This is not a product failure or safety recall. Millions of patients worldwide have benefited from the use
of ICDs and this technology will continue to be critical in the treatment of patients who are at risk for
life threatening heart rhythm disorders.”

Frankly, a hack done from a maximum distance of 5 cm, when you had a MDT programmer in your possesion to allow you to reverse engineer the link, probably is not going to impress too many people as a major security flaw.
ReplyDelete
Replies
Urology Surgery IndiaTuesday, August 29, 2017 at 11:48:00 PM PDT
Great blog all the best
ReplyDelete
Replies

Add comment

What this is about ...

A technical blog is dedicated to discussing aspect of the next generation of patient monitoring and management. I post new entries as I am able. I encourage you to become a follower. If you have an interest in this area, I think you will not be disappointed.

I am a technologist of long standing and I often can spot technical trends of an industry or of a particular company. I'm unconcerned with the financial or business impact. That is for others to consider. I'm interested in technology and its likely impacts on people's lives. Although my profile mentions that my most recent experience is with Medtronic. I had lengthy experience with St. Jude Medical. Any examples I provide do not necessarily originate from Medtronic or St. Jude Medical. I have contacts from a variety of medical device companies and constantly research the industry. My examples will originate from a variety of sources.

In the spirit of what I've written above, many may not know that a quiet revolution in medicine is occurring. The information highway, the Internet, is being extended into medicine. Wireless data communication with the Internet will be enlisted to enable people to connect with the Internet. The interchange of electronic patient records and digitized medical images are just a part of this revolution. In the near future, your physician can monitor your health remotely. Furthermore, if you have an implanted medical device (IMD) such as a pacemaker, ICD, neuro-stimulator, diabetes management device, etc., your physician can monitor your vital signs and change the settings on your implanted, therapeutic device remotely - virtually anywhere. Even very sick individuals could be enabled to live their lives at home rather than in an institution such as a hospital or nursing facility This can be performed safely and securely, and cost-effectively to provide people will fuller and longer lives.

Finally, a disclaimer regarding the advertisements that you see on this blog. I have no connection with the advertisers that appear on this blog. An appearance of an advertisement on this blog does not constitute an endorsement from me.