Experimental Security Analysis of Connected Pacemakers

Guillaume Bour; Marie Elisabeth Gaup Moe; Ravishankar Borgaonkar

doi:10.5220/0010816900003123

Experimental Security Analysis of Connected Pacemakers

Guillaume Bour, Marie Elisabeth Gaup Moe, Ravishankar Borgaonkar

2022

Abstract

Medical devices and their connectivity capabilities are providing a variety of benefits to the healthcare domain, including remote monitoring, automated alerts, and improved patient outcomes. However, these medical devices introduce a range of new potential cyber security risks when connected to the Internet, affecting the patient or the healthcare infrastructure. In this paper, we systematically analyze the security issues of connected pacemakers. In particular, we use a black box testing methodology against a commercial pacemaker device and the network infrastructure. Our main objective is to understand how the data is sent from a bedside monitor in the patient’s home to the backend server hosted by the pacemaker manufacturer, and whether or not this data is protected from a cyber security perspective. To do so, we leveraged several hardware related vulnerabilities found in the bedside monitor to obtain the firmware of the device and then reverse engineered the proprietary communication protocol. We demonstrate how vulnerabilities in this protocol can be leveraged to allow an attacker to perform a man-in-the-middle attack on the pacemaker.

Download

Paper Citation

in Harvard Style

Bour G., Moe M. and Borgaonkar R. (2022). Experimental Security Analysis of Connected Pacemakers. In Proceedings of the 15th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2022) - Volume 1: BIODEVICES; ISBN 978-989-758-552-4, SciTePress, pages 35-45. DOI: 10.5220/0010816900003123

in Bibtex Style

@conference{biodevices22,
author={Guillaume Bour and Marie Elisabeth Gaup Moe and Ravishankar Borgaonkar},
title={Experimental Security Analysis of Connected Pacemakers},
booktitle={Proceedings of the 15th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2022) - Volume 1: BIODEVICES},
year={2022},
pages={35-45},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010816900003123},
isbn={978-989-758-552-4},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 15th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2022) - Volume 1: BIODEVICES
TI - Experimental Security Analysis of Connected Pacemakers
SN - 978-989-758-552-4
AU - Bour G.
AU - Moe M.
AU - Borgaonkar R.
PY - 2022
SP - 35
EP - 45
DO - 10.5220/0010816900003123
PB - SciTePress