Unpatchable – Living with a vulnerable implanted device

TL;DR: Marie Moe talked about security issues of medical devices, especially implantable devices like pacemakers, but not in overwhelming technological depth. She wanted to point out the necessity of intensified security research in the field of medical devices as vendors and medical personnel seem to be lacking necessary awareness of security of devices, interfaces, services, and even data privacy.”Get involved, join the cavalry” was her core message.

Marie started her talk with the sound of a repeating heartbeat. First she introduced how she came up with the topic of her talk: Marie relies on a pacemaker herself andsince she got it implanted she was curious how secure this little device might be. A minimum education of the auditorium followed including an explanation how a human heart works and what a pacemaker does.

Marie’s Story
Marie told us that one day she fell unconscious at home. When she was monitored in the hospital it was detected that her heart is suffering from a rhythm disorder. Rhythm disorders are all kind of problems where the heart by whatever reason gets out of its natural rhythm. In Marie’s case the disease is called atrioventricular block which prevents that the impulses signaling the contraction reach the ventricles. However, when it were clarified that she needed a pacemaker her surgeon told her not to worry. She would get “the latest model with all features” – a statement, which in fact scared her (and who could blame her for these feelings?). As it concerned her own life she of course agreed to the surgery. In general sensors in your body could have a positive effect: they could ensure longevity. Nevertheless, security would be essential.

Pacemakers, Ecosystems, and Related Security Issues
What followed were an insight into security issues around pacemakers, technology involved, and the very basic issues with vendors.
Basically, Marie’s pacemaker provides two wireless interfaces: one near-field interface for communication with a programmer at her pacemaker technician to set up necessary parameters of the unit itself; the second interface communicates with a modem and sends diagnostic data from the pacemaker to a remote server of the vendor. Some patients rely on this remote monitoring service. However, Marie does not need to be monitored by the vendor but has no choice and control over her data: during each checkup her data would be transferred to the vendor without Marie’s consent, which is obviously a privacy issue.
Marie told us that she became curious about the security of the general setup of the ecosystem. So she searched on eBay for decommissioned programmers, which she was indeed able to purchase. Even these decommissioned devices contained data of former patients – an issue of improper decommissioning and of course another privacy issue.
She continued by defining the attack surface around the personal medical device ecosystem by the device itself, the access point, the vendor/service website etc with threats comprising like afore mentioned privacy issues, possibly battery exhaustion, device malfunctions, or even death threats and extortion – “Is remote assassination a scenario?” remained an open question by Marie. Finally, she concluded her definition with the statement of “reliance on the personal infrastructure is inverse proportional to how invisible this infrastructure is to you”.
After providing this overview of security issues Marie proceeded by providing examples of safety issues within the pacemaker ecosystem:

  • she told the story of her pacemaker which were programmed to reduce the impulse emission frequency by half when reaching the upper limit of 160 beats per minute. This issue was rather difficult to determine – in fact it took months to identify and resolve this issue.
  • an example of a bug in the human machine interface of a programmer displayed that quite simple bugs, i.e. the deviation of displayed values and values in the pacemaker, can have severe consequences for the patient.
  • presentation of the Guidant LLC case from January 2011, where the company witheld information about safety issues related to device failures leading to three deaths.
    All these examples make it difficult for patients to trust vendors.

Cavities and Solution Approaches
In the final part of her talk Marie Moe presented the current state of research. She referred to Barnaby Jack’s research on hacking a victim’s pacemaker as well as preemptive research on infusion pumps. These examples were described as “hacking as a life saver”.
Furthermore, she described obstacles in medical device security research: from legacy hardware and protocols over blackboxes, that possibly never were tested regarding their security, the lack of regulatory requirements, and even the increasing connectivity of medical devices can pose a multitude of problems with respect to security.
So what did Marie Moe propose as solution to her talk? First, she invited everyone to take part and get involved. A community she’s part of is the “I am Cavalry” group which does a lot of information sharing. Vendor awareness and education of regulatory needs to be raised, coordination of third parties needs to be managed, and even the procurement by teaching patients about inherent security risks of their implanted devices needs to be considered.
However, Marie Moe concluded her talk with the bottom line that the “benefits outweigh the risks”.
Thank you, Marie, for this interesting talk and insight into your heart.

For more information about this talk, please have a look at the published video and slides at the following links:
Video: Link to the video capture
Slides: Unpatchable – Living with a vulnerable implanted device

Leave a Reply

Your email address will not be published. Required fields are marked *