Getting Started
Medical Device Cybersecurity for Engineers and Manufacturers
A comprehensive guide to medical device secure lifecycle management, this is a book for engineers, managers, and regulatory specialists. Readers gain insight into the security aspects of every phase of the product lifecycle, including concept, design, implementation, supply chain, manufacturing, postmarket surveillance, maintenance, updates, and end-of-life…
Security Tradeoffs in Cyber Physical Systems: A Case Study Survey on Implantable Medical Devices
The new culture of networked systems that offer everywhere accessible services has given rise to various types of security tradeoffs. As a result, the issue of security of cyber physical systems requires a special holistic treatment…
SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks
Balancing security, privacy, safety, and utility is a necessity in the health care domain, in which implantable medical devices (IMDs) and body area networks (BANs) have made it possible to continuously and automatically manage and treat a number of health conditions…
Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem
The increased connectivity to existing computer networks has exposed medical devices to cybersecurity vulnerabilities from which they were previously shielded. For the prevention of cybersecurity incidents, it is important to recognize the complexity of the operational environment as well as to catalog the technical vulnerabilities…
Security issues in implantable medical devices: Fact or fiction?
Smart healthcare is an integral part of smart cities. Modern medical devices are becoming increasingly software dependent. Doctors and patients are now using their smart-phones to control and monitor implantable medical devices (IMDs) such as cardiac implants, insulin pumps, deep brain neurostimulators, etc. via the Internet or Bluetooth connections.
Side-Channel Attacks
Overview
Security of implantable medical devices with wireless connections: The dangers of cyber-attacks
Modern wireless implantable medical devices (IMDs) began to be widely introduced to medical practice in the early 2000s, when devices such as cardiac implants, insulin pumps, and neurological implantable pulse generators (IPGs) started featuring wireless clinician controls and monitoring functions.
On the (in)security of the latest generation implantable cardiac defibrillators and how to secure them
Implantable Medical Devices (IMDs) typically use proprietary protocols with no or limited security to wirelessly communicate with a device programmer. These protocols enable doctors to carry out critical functions, such as changing the IMD’s therapy or collecting telemetry data, without having to perform surgery on the patient.
On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces
Brain computer interfaces (BCI) are becoming increasingly popular in the gaming and entertainment industries. Consumer-grade BCI devices are available for a few hundred dollars and are used in a variety of applications, such as video games, hands-free keyboards, or as an assistant in relaxation training.
On Pairing Constrained Wireless Devices Based on Secrecy of Auxiliary Channels: The Case of Acoustic Eavesdropping
Secure “pairing” of wireless devices based on auxiliary or out-of-band (OOB) – audio, visual or tactile – communication is a well-established research direction. Lack of good quality interfaces on or physical access to certain constrained devices (e.g., headsets, access points, medical implants) makes pairing a challenging problem in practice
Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System
A Continuous Glucose Monitoring System is a medical device that continuously monitors a patient’s blood glucose concentration, which is essential in the treatment of diabetes. Although such devices are increasingly used, their security has not been thoroughly studied.
Attack-tree-based Threat Modeling of Medical Implants
Modern Implantable Medical Devices (IMDs) are low-power embedded systems with life-critical functionalities. Almost all of these devices are equipped with wireless communication capabilities in order to aid in diagnosis, in updating the functional settings and firmware and so on, without any surgical procedure to perform these tasks manually.
Resource-Depletion
Defending Resource Depletion Attacks on Implantable Medical Devices
Implantable Medical Devices (IMDs) have been widely used to treat chronic diseases such as cardiac arrhythmia and diabetes. Many IMDs are enabled with wireless communication capabilities and can communicate with an outside programmer/reader wirelessly. With the rapid growth of IMDs, IMD security becomes a critical issue since attacks on IMDs may directly harm the patient.
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
Our study analyzes the security and privacy properties of an implantable cardioverter defibrillator (ICD). Introduced to the U.S. market in 2003, this model of ICD includes pacemaker technology and is designed to communicate wirelessly with a nearby external programmer in the 175 kHz frequency range.
Zero-Power Defense Done Right: Shielding IMDs from Battery-Depletion Attacks
The wireless capabilities of modern Implantable Medical Devices (IMDs) make them vulnerable to security attacks. One prominent attack, which has disastrous consequences for the patient’s wellbeing, is the battery Denial-of-Service attack whereby the IMD is occupied with continuous authentication requests from an adversary with the aim of depleting its battery.
EMI Injection
Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors
Electromagnetic interference (EMI) affects circuits by inducing voltages on conductors. Analog sensing of signals on the order of a few millivolts is particularly sensitive to interference. This work (1) measures the susceptibility of analog sensor systems to signal injection attacks by intentional, low-power emission of chosen electromagnetic waveforms, and (2) proposes defense mechanisms to reduce the risks.
Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses
Recent research has shown that the integrity of sensor measurements can be violated through out-of-band signal injection attacks. These attacks target the conversion process from a physical quantity to an analog property-a process that fundamentally cannot be authenticated.
Reviews
Security Vulnerabilities, Attacks, Countermeasures, and Regulations of Networked Medical Devices—A Review
Over the last few years, healthcare administrations have been digitizing their provision of care that led to an increased number of networked medical devices and medical telemetry. Due to such digitization, medical devices have made phenomenal strides in the course of the last half-century. These networked medical devices have enhanced the quality and accessibility of health treatments by achieving pervasive healthcare vision…