Oct 21, 2008

Straight to the Heart - Tête-à-Tête Cyberattacks

Today many hit the internet's WWW for its plethora of social networks, browsing from a distance through server-side catalogs aggregating and organizing the personal profiles of millions.

Tomorrow we will be able to surf and process the profiles of people as we encounter them irl and on the fly: adjacent soccer dads and fellow pedestrians work bound - the bounty will be plenty and immediate. This brown eyed Denny's cashier - I wonder if my dating profile and credit score matches his secret longings for a suave one night stand? (Heck, I even think some of the SMC crew have patents pending for such technology).

Already scenarios are in play that consider the hazards of tête-à-tête cyberhits. A nifty vector of opportunity for assassins and deformed love seekers?

Excerpts below from the report, Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses [14-page pdf]:

Wirelessly reprogrammable implantable medical devices(IMDs) such as pacemakers, implantable cardioverter defibrillators (ICDs), neurostimulators, and implantable drug pumps use embedded computers and radios to monitor chronic disorders and treat patients with automatic therapies.

For instance, an ICD that senses a rapid heartbeat can administer an electrical shock to restore a normal heart rhythm, then later report this event to a health care practitioner who uses a commercial device programmer1 with wireless capabilities to extract data from the ICD or modify its settings without surgery.

Between 1990 and 2002, over 2.6 million pacemakers and ICDs were implanted in patients in the United States; clinical trials have shown that these devices significantly improve survival rates in certain populations. Other research has discussed potential security and privacy risks of IMDs, but we are unaware of any rigorous public investigation into the observable characteristics of a real commercial device. Without such a study, it is impossible for the research community to assess or address the security and privacy properties of past, current, and future devices. We address that gap in this paper and, based on our findings, propose and implement several prototype attack-mitigation techniques.

We assess the security and privacy properties of a common ICD and present attacks on privacy, integrity, and availability. We show that the ICD discloses sensitive information in the clear (unencrypted); we demonstrate a reprogramming attack that changes the operation of (and the information contained in) the ICD; and we give evidence that a battery-powered ICD can be made to communicate indefinitely with an unauthenticated device, thereby posing a potential denial-of-service risk. All of our attacks can be mounted by an unauthorized party equipped with a specially configured radio communicator within range of the ICD.

Attack scenarios. Since health care is a very sensitive and personal subject for many people, we explicitly choose to deviate from standard practice in the academic security research community and do not describe specific scenarios in which an attacker might compromise the privacy or health of a victim. We also do not discuss the potential impact on patients if an adversary were to carry out an attack in vivo. Rather, when discussing attacks we focus solely on the technical properties of those attacks. In addition, in each case where we identify a vulnerability, we propose a solution or technical direction to mitigate it.

Further resources available through the Medical Device Security Center.


Anonymous said...

Which catergory would you fall into: assassin or deformed love seeker? Or both and an opportunist?

M1 said...

Depends on who you ask - and which one of us meatballs you're referring to.