People with implanted neurostimulators are vulnerable to wireless attacks

A group of Belgian academic security researchers from KU Leuwen have published a paper detailing their investigation into improving the security of neurostimulators: electrical brain implants used to treat chronic pain, Parkinson's, and other conditions.

They found that -- as is typical for medical implants -- security for these devices is, at best, an afterthought. They have wireless interfaces (it's hard to plug a USB cable into a chip that's been implanted into someone's brain) and defects in those interfaces could allow an attacker to administer shocks, glean sensitive neurological information, and intercept sensitive medical data that is transmitted between the implant and the devices used to read, control and update it.

The researchers propose a plausible-seeming security framework for mitigating these attacks: encrypt the data and use a physical proximity tool to initialize the crypto keys (brainwaves make great random number generators!), forcing attackers to gain close proximity (say, via a doctored hat) to effect any attack.

The measures are simple and sensible enough that the most noteworthy thing about them is that they're not in place already. The researchers didn't have to do anything particularly novel to compromise the neural implants, because the people who designed them did almost nothing by way of basic security.

n this work we have evaluated the security and privacy properties of a widely used commercial neurostimulator. For this, we fully reverse engineered the proprietary protocol between the device programmer and the neurostimulator over a short-range communication channel. We demonstrated that reverse engineering was possible without needing to have physical access to the devices by using a black-box approach. This allowed us not only to document the message format and the protocol state-machine, but also to discover that the messages exchanged between the devices are neither encrypted nor authenticated. We conducted several software radio-based attacks that could endanger the patients’ safety or compromise their privacy, and showed that these attacks can be performed using inexpensive hardware devices. The main lesson to be learned is that security-through-obscurity is always a dangerous design approach that often conceals insecure designs. IMD manufacturers should migrate from weak closed proprietary solutions to open and thoroughly evaluated security solutions and use them according to the guidelines.

To preclude the above attacks, we presented a practical and complete security architecture through which the device programmer and the neurostimulator can agree on a session key that allows to bootstrap a secure communication channel. Our solution grants access to the neurostimulator to any device programmer that can touch the patient’s skin for a few seconds. This allows to create a secure data exchange between devices while ensuring that medical personnel can have immediate access to the neurostimulator in emergencies. Our solution accounts for the unique constraints and functional requirements of IMDs, requires only minor hardware changes in the devices and provides backward and forward securit

Securing Wireless Neurostimulators [ Eduard Marin, Dave Singelée, Bohan Yang, Vladimir Volski, Guy A. E. Vandenbosch, Bart Nuttin and Bart Preneel/KU Leuven]

(via Four Short Links)