A team of academic security researchers from KU Leuven, Belgium, has discovered that medical implants such as electrical brain implants are quite insecure because they have defective wireless interfaces.
The researchers found that the security of these devices is weak: the defects in their wireless interfaces allow attackers to obtain sensitive neurological data, administer shocks and intercept confidential medical data transmitted between the implant and the connected devices that are responsible for controlling, updating and reading it.
Neurostimulators can be hacked
It is worth noting that electrical brain implants, which are called neurostimulators, are used to cure neurological health issues like Parkinson’s disease and chronic pain. The wireless interfaces are critical to the functioning of these medical implants because a USB cable cannot be used to connect to the chip that has been implanted into the human brain.
By hacking neurostimulators, an attacker can cause irreversible damage to patients by preventing them from speaking or moving. The hacking may also prove to be life-threatening, wrote the Belgian researchers in their paper, which provides details about the research findings.
The researchers published the paper under the title "Securing Wireless Neurostimulators". The findings were presented in March at the 8th ACM Conference on Data and Application Security and Privacy.
Attackers can directly target our brain using hacked Neurostimulators
Neurostimulators are used in a medical procedure called Deep Brain Stimulation (DBS), which can potentially treat symptoms of diseases like Parkinson’s, such as shaking, as well as mental health issues including depression and obsessive-compulsive disorder (OCD).
The researchers wrote in the paper that the wireless interface makes the treatment more flexible and lets it be customized to the needs of every patient. But it also enables attackers to carry out software radio-based attacks.
In the absence of a reliable security mechanism, attackers can easily send malicious commands to the brain implant and deliver unwanted electrical signals to the brain. For example, they can change the implant’s settings to increase the voltage of the signals that are delivered to the patient continuously. This way, patients would be prevented from moving and speaking.
To mitigate the threat, it is important that the implants are provided with a strong security structure so that the implant and the device programmer are connected through a session key. This key should allow the establishment of a secure, private communication channel.
This solution, the researchers claim, would grant access to the neurostimulator to almost any device programmer that can touch the patient’s skin, if only for a few seconds, because it helps create a protected data exchange between devices. It would also ensure that medical personnel can immediately access the neurostimulator in an emergency.
According to the researchers, “to preclude the above attacks, we presented a practical and complete security architecture through which the device programmer and the neurostimulator can agree on a session key that allows to bootstrap a secure communication channel. Our solution grants access to the neurostimulator to any device programmer that can touch the patient’s skin for a few seconds.”
“This allows creating a secure data exchange between devices while ensuring that medical personnel can have immediate access to the neurostimulator in emergencies. Our solution accounts for the unique constraints and functional requirements of IMDs, requires only minor hardware changes in the devices and provides backward and forward security,” concluded the researchers.
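The following is an added example, not code from the researchers' paper or from any device vendor. It shows what a shared session key gives the implant once both sides hold it: commands that are not authentic or not fresh are dropped. The frame layout, the command strings and the names `seal` and `ImplantReceiver` are assumptions made for illustration; how the key is agreed and encryption of the payload are outside its scope.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def seal(session_key: bytes, counter: int, command: bytes) -> bytes:
    """Programmer side. Assumed frame: counter (8 bytes) || command || tag."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(session_key, header + command, hashlib.sha256).digest()
    return header + command + tag


class ImplantReceiver:
    """Implant side: returns the command only if it is authentic and fresh."""

    def __init__(self, session_key: bytes):
        self._key = session_key
        self._last_counter = 0  # highest counter accepted so far

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None  # too short to hold a counter and a tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # sender does not hold the session key, or frame altered
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self._last_counter:
            return None  # replay of an earlier, genuine frame
        self._last_counter = counter
        return body[8:]


def demo():
    key = secrets.token_bytes(32)  # constructed stand-in for the agreed session key
    implant = ImplantReceiver(key)
    genuine = seal(key, 1, b"SET_AMPLITUDE 2.0V")  # hypothetical command string
    wrong_key = seal(secrets.token_bytes(32), 2, b"SET_AMPLITUDE 9.9V")
    altered = genuine[:8] + b"SET_AMPLITUDE 9.0V" + genuine[-TAG_LEN:]
    return {
        "genuine": implant.accept(genuine),
        "replayed": implant.accept(genuine),
        "wrong_key": implant.accept(wrong_key),
        "altered": implant.accept(altered),
        "next": implant.accept(seal(key, 2, b"READ_STATUS")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```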