A computer security researcher has probed the communication protocols used by her pacemaker – and hopes her findings will raise awareness of just how much info medical devices are emitting.
Marie Moe received her pacemaker four years ago after she experienced a form of arrhythmia, and her heart began to slow.
Soon after, she sought out the manual for her closed-source device – and enlisted the help of Cambridge University industrial control hacker Eireann Leverett to find out more about the vital gizmo that keeps her heart beating normally.
Moe, once of Norway's Computer Emergency Response Team, found the device had two wireless interfaces: some near-field communications (NFC) electronics used to exchange data with medical equipment during hospital check-ups, and another system for communicating with a bedside device.
Data flow ... How information is passed from pacemaker to hub to doctor
Leverett says the bedside unit passes sensitive medical information about herself from her pacemaker to remote servers, and finally to her doctor's workstation, via communications channels from SMS and 3G to the standard internet. Leverett fears these channels are not necessarily secure, and the servers are often held in foreign countries – which all in all is a headache for privacy.
"Personally I am not worried about being remotely assassinated, I am more worried about software bugs," Moe told the Chaos Communications Congress in Hamburg, Germany, at the end of December.
"As a patient I am expected to trust that my device is working correctly and that every security bug has been corrected by the vendor, but I want to see more testing and research [because] we can't always trust vendors."
Moe told the audience she bought a bedside hub to tinker with from eBay, adding: "It actually contained other patient information." The box she bought is readily available online.
"We had some pairing issues [with the hub], and Marie couldn't be in the same room for certain types of testing," Leverett added.
"As a precaution we will not do experiments involving radio frequencies with me in the room," Moe told The Register this week.
Moe and Leverett say they found other sketchy devices during their research – some running Bluetooth, and others spewing critical device information to Amazon cloud instances. (A developer at a health monitoring company posted to an Amazon AWS support forum, claiming that the "life of our patients is at stake." They said they were monitoring "hundreds" of cardiac patients at home, and could not see their electrocardiogram signals for the last 24 hours.)
All manner of critical medical devices have been hacked, some from metres away using wireless technologies. Defibrillators have been turned off, insulin pumps forced to dump their contents, and thousands of hospital networks and critical devices and databases found open to hacking.
"We don't want to hype the point [of fatal medical exploits] we want to show that hacking can save lives, and that hackers are a global resource to save lives," Leverett says.
Moe is one of a handful of security professionals who are prodding life-critical medical devices in an effort to audit and improve security postures. Researcher Jay Radcliffe has investigated his insulin pump – describing his efforts at Black Hat 2011 – and free-software advocate Karen Sandler has explored her cardiac defibrillator. Hugo Campus is continuing to tinker with his defibrillator in an effort to gain access to his medical data.
These medical hackers last year successfully lobbied US Congress to allow exemptions to restrictive DMCA laws permitting hackers to explore medical devices, and hack vehicles.
Software flaws are not only security-related; Moe recounts one instance when her pacemaker had to be debugged after it was set to deliver the wrong number of beats, making her nearly collapse after climbing stairs at Covent Garden station.
A series of tests revealed the pacemaker software was misconfigured. ®