Virta Labs Blog


Pacemaker Programmers (Rogue Ones): Detecting MICS Band Intruders with Software Radio

Posted by Denis Foo Kune on Dec 15, 2016 9:17:07 PM
Find me on:

The healthcare world is abuzz about potential vulnerabilities in cardiac implants. It seems that every few months, hackers publish yet another attack paper. We know the hospital C-suites are concerned about it, because protecting health delivery organizations is our business. The good news is that there are cost-effective ways for healthcare delivery organizations to manage many of the cybersecurity risks against implantable medical devices.

Our core recommendation: Keep calm and continuously monitor the effectiveness of your security controls. We've been saying some variant of this since 2008, when several of our team members published the first study of cardiac-implant security that set the quality standard for future research papers. There are bigger risks to patients, such as lightning strikes and shark attacks (statistically speaking). And there are bigger risks to hospitals, such as malware on "shadow" untracked IT assets, ransomware on outdated operating systems, phishing resulting in account compromise, theft of laptops... the list goes on. With zero reported incidents of cardiac-device hacking resulting in patient harm, the risks posed by rogue transmitters are, for the time being, theoretical. However, the consequences are great enough that it's prudent to make a plan that accounts for emerging threats.

We're nerds with a lab full of gear, and we love solving security problems for implantable medical devices (it's in our blood, so to speak), so we created a hardware & software defense mechanism. Our defense is designed to detect the kind of attacks proposed in the recent paper by the University of Leuven team.

How to Catch a MICS Band Intruder

Perfect locks and crypto are not always the best answer when the locks and crypto can pose risks to patients. We know CTOs of high-profile cybersecurity companies who don't even have locks on their homes because they've devised much more crafty security mechanisms. We are big fans of crypto, but we don't fetishize crypto. Before attempting to do the crypto equivalent of retrofitting airbags into a Chevy Corvair, consider much more effective and easy-to-deploy approaches while the medical device manufacturers begin to improve their built-in security.

Monitor the airwaves

Seeing the invisible traffic over the airwaves can be a bit of a black art, but turning the RF signals into a visible plot provides immediate insights on the communication bands reserved for medical equipment. Below is an example of an attacker attempting to pair with an implantable cardiac defibrillator, leaving a large yellow RF signal blob in the process.




Our newest prototype passively tunes in and detects unusual activity on the specific radio band (called MICS) used by modern implants. With filtering and some automated inference, we can ignore normal equipment communications and focus on unauthorized signals so that rogue transmitters can be located and shut down.



Integrate with Other Tools

If an alarm trips and nobody is around to hear it, does it make a sound? The screenshot above shows how rogue RF detectors can fit into a broader security strategy built on our BlueFlow™ platform. Whether you use our product or someone else's to monitor your clinical assets, the key is to make sure that defenses against emerging threats don't introduce too much new complexity. Maintenance, training, and integration with ops tools such as staff paging have real costs in complex real-world IT environments. We're serious about integration with major dashboards and log-aggregation platforms when we build new tools, and healthcare organizations have a right to demand the same of their other vendors.

Safety First

Everything we do at Virta Labs is based on our core principle of safety first.

This is a great time to be thinking about healthcare security. Patients and providers benefit when healthcare security and clinical workflow click together. Our BlueFlow™ offering is designed to bridge the gap between IT concerns and clinical concerns so that both sides can do their jobs with confidence. To learn more about BlueFlow™ or our special add-on services (conducted as Virta Labs Labs), fill out our contact form. Also, don't forget to protect your thermal exhaust ports too.

Try BlueFlow!

Topics: Healthcare Cybersecurity, Medical Device Security, Internet of Things / IoT