Do no harm: Securing wireless medical devices

Emmanuel Sambuis, senior marketing director, head of portable medical devices at Silicon Labs, examines growing threats and how to guard against them.

Technology plays an essential part in today’s healthcare systems. Expensive, room-size systems like MRI scanners are known to be essential, but a vital role is also played by small, low-cost portable devices.

One of the enabling technologies for portable medical devices is wireless connectivity, such as Bluetooth – making it straightforward for devices to connect to computers or smartphones to transfer data. This means that patients who are rehabilitating or living with a chronic condition can stay at home, with convenient monitoring of blood glucose levels or blood pressure, for example.

It’s not just monitoring – devices such as insulin pumps can take an active role in dispensing medication or other tasks. Overall, the global wireless portable medical device market is expected to continue its substantial growth, adding another $17 billion in revenue by 2025.

As well as improving patient quality of life, these portable devices also enable big financial savings, by freeing up beds in hospitals and clinics. Doctors can conduct medical diagnosis, observation, and consultation remotely, with the added benefit of minimising the risk of COVID-19 transmission.

Growing threats

In the past, medical devices have been effectively immune to security threats because they were not connected to other devices or systems. Users and doctors could trust these devices, and security wasn't an issue for device makers.

However, as wireless medical devices grow in popularity, security concerns are looming. Product developers must take into consideration critical security concerns to succeed in the wireless medical device market and safeguard the digital healthcare transformation.

This isn’t just a theoretical risk, and vulnerabilities are starting to appear that pose real dangers. In 2020, the US Food and Drug Administration (FDA) issued a warning about the SweynTooth vulnerability; potential exploits could have introduced risks for wireless Bluetooth Low Energy (BLE) enabled medical devices. This could have included crashing and stopping a device from functioning, enabling unauthorised users to access device functions, and exposing private information. Thankfully, the industry reacted quickly to stop SweynTooth before any harm was done.

Given the increasing number of exposed vulnerabilities, the healthcare industry and device makers must make wireless security a top development priority. Let’s look at some of the most critical security considerations that device makers, manufacturers and healthcare tech professionals should consider when developing or evaluating wireless medical devices.

Software vulnerabilities

The most common security threat in wireless medical devices is malicious code insertion. A hacker inserts code to make the device execute the wrong software instead of its real, authentic code. Malicious code insertion can be eliminated by authenticating software before it executes on the device. When malicious code is detected, the device should be programmed to trigger a countermeasure, such as deactivating the infected product.

As well as malicious code, another vulnerability is software updates. These may be required multiple times during the lifetime of a medical device, with each event creating a risk of hacking. To keep updates safe, product developers must consider the entire lifecycle maintenance process. This includes how the installed device base is safely managed via over-the-air (OTA) updates, authenticating the update file, encrypting the whole process, and guaranteeing an unaltered firmware image via secure boot.
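
The checks described in the two paragraphs above can be shown in a few lines. This is an added example, not code from the article or from any vendor: a device-side verifier that authenticates an update image before use, refuses rollback to an older version, and halts on any failure. The image layout, key and function names are assumptions for illustration, and HMAC-SHA256 stands in for the public-key signature a production secure boot chain would normally check; encryption of the transfer is not shown.

```python
import hashlib
import hmac
import struct

# Constructed image layout (an assumption for this example, not a vendor format):
#   magic "FWIM" | version (u32 BE) | payload length (u32 BE) | payload | 32-byte tag
HEADER = struct.Struct(">4sII")
TAG_LEN = 32


def sign_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Build-server side: append a tag covering header and payload."""
    body = HEADER.pack(b"FWIM", version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_image(key: bytes, image: bytes, min_version: int) -> bytes:
    """Device side: return the payload only if every check passes."""
    if len(image) < HEADER.size + TAG_LEN:
        raise ValueError("image truncated")
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    # Authenticate first, so no unauthenticated field is ever acted on.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    magic, version, length = HEADER.unpack_from(body)
    if magic != b"FWIM" or length != len(body) - HEADER.size:
        raise ValueError("malformed header")
    # Anti-rollback: a validly signed but older image is still refused.
    if version < min_version:
        raise ValueError("rollback rejected")
    return body[HEADER.size:]


def boot_or_update(key: bytes, image: bytes, min_version: int):
    """Countermeasure policy: refuse to run anything that fails verification."""
    try:
        return ("run", verify_image(key, image, min_version))
    except ValueError as err:
        return ("halt", str(err))


# Constructed sample data: a demo key and three images.
KEY = b"\x11" * 32
GOOD = sign_image(KEY, 7, b"pump-control v7")
TAMPERED = GOOD[:20] + bytes([GOOD[20] ^ 1]) + GOOD[21:]  # one payload bit flipped
OLD = sign_image(KEY, 5, b"pump-control v5")              # genuine but outdated
```

The rollback case is the one that authentication alone does not catch: the older image carries a valid tag and is rejected only because the device tracks a minimum acceptable version.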

Chipsets at risk

How can a product developer know whether a wireless chipset or microcontroller is secure enough for medical use? The safest option is to use security-certified silicon. The DTSec Protection Profile and Security Evaluation for IoT Platforms (SESIP) published by GlobalPlatform.org define a standard for trustworthy assessment of the security of IoT platforms.

Bluetooth medical devices are typically used remotely by non-tech-savvy users in unprotected environments. This makes it easy for hackers to use cloned chipsets and fake smartphone applications to interfere in the authentication process, accessing devices and private data. The solution to cloning lies in using chipsets hardcoded with a unique ID, which identifies the device each time it joins the network, and enables de-commissioning old products to avoid cloning.

Keys and backdoors

Leaving a USB port unprotected can provide easy access to a computer, to add malicious code, or to copy confidential information – any security-conscious organisation will consider locking down all the USB ports on their desktops and laptops.

It’s not just USB ports of course, and the same principle applies to other ports on wireless medical devices. However, product developers can easily close these back doors by using a debug port that can be locked and unlocked with an encrypted key. This prevents unauthorised access while allowing easy yet safe diagnostics and updates in the field.

However, sloppy key protection is a weakness for many medical device makers. Key protection is often the first thing hackers attack because a successful attack vector can be repeated to exploit the entire installed base. A Physically Unclonable Function (PUF) creates a random and unique secret key from individual device imperfections. The PUF key is always generated at start-up and encrypts all keys in the secure key storage, and applications can handle the keys while they remain confidential.

Differential Power Analysis attacks

Differential Power Analysis (DPA) uses highly advanced power monitoring and mathematical signal analysis to recover the device's security keys. DPA can work because the power consumption of a device depends on exactly what it’s doing at any given moment, and an attacker can use this to deduce useful information.

A DPA attack requires physical access to the device, but if successful, it exploits the entire product line or device fleet. Product developers can neutralise DPA threats in their designs by using chipsets equipped with a specific Differential Power Analysis countermeasure technology.

Plan for the worst, aim for the best

Portable wireless devices are transforming our healthcare systems with huge opportunities to improve efficiency and provide better care for our ageing population. They also provide a big revenue opportunity for device makers and other businesses.

However, there is a real risk that vulnerabilities and security threats could cause major problems in this market – compromising personal data, de-activating devices, or sometimes even worse.

The answer is to take these security issues seriously and to ensure that appropriate technology is used to protect devices at all levels. The solutions exist to do this – it’s down to designers to make sure they’re included in their products.
