A group of Belgian academic security researchers from KU Leuwen have published a paper detailing their investigation into improving the security of neurostimulators: electrical brain implants used to treat chronic pain, Parkinson's, and other conditions.
They found that — as is typical for medical implants — security for these devices is, at best, an afterthought. They have wireless interfaces (it's hard to plug a USB cable into a chip that's been implanted into someone's brain) and defects in those interfaces could allow an attacker to administer shocks, glean sensitive neurological information, and intercept sensitive medical data that is transmitted between the implant and the devices used to read, control and update it.
The researchers propose a plausible-seeming security framework for mitigating these attacks: encrypt the data and use a physical proximity tool to initialize the crypto keys (brainwaves make great random number generators!), forcing attackers to gain close proximity (say, via a doctored hat) to effect any attack.
The measures are simple and sensible enough that the most noteworthy thing about them is that they're not in place already. The researchers didn't have to do anything particularly novel to compromise the neural implants, because the people who designed them did almost nothing by way of basic security.
n this work we have evaluated the security and privacy properties
of a widely used commercial neurostimulator. For this, we fully
reverse engineered the proprietary protocol between the device
programmer and the neurostimulator over a short-range communication channel. We demonstrated that reverse engineering was
possible without needing to have physical access to the devices
by using a black-box approach. This allowed us not only to document the message format and the protocol state-machine, but also
to discover that the messages exchanged between the devices are
neither encrypted nor authenticated. We conducted several software radio-based attacks that could endanger the patients' safety
or compromise their privacy, and showed that these attacks can be
performed using inexpensive hardware devices. The main lesson to
be learned is that security-through-obscurity is always a dangerous
design approach that often conceals insecure designs. IMD manufacturers should migrate from weak closed proprietary solutions
to open and thoroughly evaluated security solutions and use them
according to the guidelines.
To preclude the above attacks, we presented a practical and complete security architecture through which the device programmer
and the neurostimulator can agree on a session key that allows to
bootstrap a secure communication channel. Our solution grants
access to the neurostimulator to any device programmer that can
touch the patient's skin for a few seconds. This allows to create a
secure data exchange between devices while ensuring that medical
personnel can have immediate access to the neurostimulator in
emergencies. Our solution accounts for the unique constraints and
functional requirements of IMDs, requires only minor hardware
changes in the devices and provides backward and forward securit
Securing Wireless Neurostimulators [
Eduard Marin, Dave Singelée, Bohan Yang, Vladimir Volski, Guy A. E. Vandenbosch, Bart Nuttin and Bart Preneel/KU Leuven]
(via Four Short Links)