Bodyjacking: Security issues with Implantable Medical Devices (IMDs)

This article is based on investigative report that examines possible security exploitations and an effective protection scheme for insulin pumps. The study explores security vulnerabilities with insulin pumps information control and also determines the components in the insulin  pump systems that are exposed to security attacks. 

There was a time that only machines could have devices implanted in the form of  motherboards and processors but time has changed. Technology has grown tremendously, in this high-tech world, human body can be implanted with medical devices. Implantable Medical Devices are medical devices implanted inside the body for treating a specific medical problem. In addition it also does offer a capability for the patient which he/she  lacked (Hansen & Hansen, 2010).

Source : Reference

Furthermore, pacemakers, defibrillators and  neurostimulators have also been used in the treatment of neurodegenerative disorders like  Parkinson’s disease during Deep Brain Simulation. These devices aid in the treatment for epilepsy. There are various drug delivery systems, in the form of insulin pumps. These types of devices are used for delivering drugs to a targeted organ. In case of insulin  pumps, pancreas is the targeted organ where the pumps inject basal or bolus dosages of  insulin. According to the International Diabetes Federation (IDF), statistics revealed that  415 million people worldwide were diabetes and this figure is expected to shoot up to 642  million people by the year 2040.

A typical Insulin Pump System (IPS) comprises of three components. An infusion pump, a  wireless interface that adjusts the required parameters like the dosage and glucose levels and a Continuous Glucose Meter (CGM). The pump injects the insulin and a Continuous  Glucose Monitor (CGM) keeps a log of the glucose readings. The CGM is also armed with  a wireless transmitter (Burleson, Clark, Ransford, & Fu, 2012). The CGM also  accompanies a subcutaneous sensor for measuring the glucose level.

Apart from the basic security threats, these devices can also be attacked by intruders. Chiefly, there  are two types of attackers: Passive and Active 

Passive eavesdropper: In cryptography, when secure messages have to be exchanged the example is always taken in the form of Bob and Alice. A passive eavesdropper is usually labeled Darth when Bob and Alice are conversing. In this case, Bob is the medical device and Alice is the physician, the attacker Darth will only be able to listen to the messages being transmitted by the device to the physician. By reading through the message, the attacker is in a position to reveal confidential details about the device and the person’s  

Active antagonist: In this case, the attacker Darth is more powerful. Not only can the  attacker listen to the communication but can also intercept the communication. This  enables the attacker to also send incorrect communication, altering the messages even  before it reaches the destination or back to the device (Halperin et al., 2008). The image below depicts the various types of attacks that has been performed across different insulin pumps

Many people depend on Implantable medical devices for a healthier life style and  increased life span. These devices have been designed to treat people with problems with cardiac conditions, spinal problems and diabetic conditions. One of the further research would include the  implementation would be Artificial Pancreas. This study opens horizons for new  research like cybersecurity for medical devices. I wouldn’t have considered this study  as a possible research if I hadn’t based on literature review from peer reviewed journals.  

This in turn has enabled to add new research directions to develop and widen the  scope of the original evidence. It is high time for a need of a paradigm shift ensuring  more cybersecurity protocols and standards to be governed while designing these medical devices.

Published by The Art of Cyber-Space

I am a security professional specializing in security operations seasoned with incident management and digital forensics. With vivid experience in different industries, I am looking to explore the current cyberspace and discuss the ideology of the cybersecurity space, neuroscience and neurotechnology research from a security perspective. I love exploring various blog posts and share knowledge about the current threat landscape to instill more cybersecurity awareness.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: