Not So Fast!
The Harsh Reality of Slow Movers
Ben Ransford, Ph.D.Virta Laboratories, Inc.ben@virtalabs.com
@secthings 2015
Not So Fast! @secthings 2015 © ben@virtalabs.com
“Those who cannot remember the past are condemned to repeat it.”
–George Santayana, The Life of Reason vol. 1
Outline
• Medical-device security: a cautionary tale

• Lessons for IoT

• Outside-the-box anomaly/malware detection
Amazing devices!
1957
Photos: Medtronic, Computer History Museum
Amazing devices!
Therac-25 (ca. 1980s)
Photo: SIUE
Amazing devices!
(Slide image: page from the paper credited below; Fig. 1 caption: “The Cardiac Science G3 Plus exploited to install our custom firmware. The AED displays DEVICE COMPROMISED.”)
External Defibrillator (1985–)
Photo: Steve Hanna et al., “Take Two Software Updates and See Me in the Morning…”, USENIX HealthTech 2011
Amazing devices!
Patient monitor
Infusion pump
Photos: Philips, Hospira, The Register/Medtronic
Insulin pump
Amazing devices!
2003: pacemaker
2013: pacemaker prototype
Photos: Ben Ransford; Medtronic
What Could Go Wrong?
• Increasing software dependence

• Increasing software complexity

• Deeper integration with medical records, hospital
IT, patients’ homes & bodies

• 1980s: 6% of recalls due to software*

• 2005–9: 18% of recalls due to software*
* Hanna et al., HealthTech 2011
Amazing harmful devices!
Therac-25 (ca. 1980s, recalled 1987)
Photo: SIUE
Amazing open devices!
(Slide image: page from the paper credited below; Fig. 1 caption: “The Cardiac Science G3 Plus exploited to install our custom firmware. The AED displays DEVICE COMPROMISED.”)
External Defibrillator (1985–)
Photos: Hanna et al., “Take Two Software Updates and See Me in the Morning…”, USENIX HealthTech 2011
(Slide image: Fig. 2 caption: “AEDUpdate buffer overflow. Executed code includes a message box showing the potential flow of the vulnerability from the AED (if the firmware were replaced) to the software.”)
2008: 😺⇠👜
• Academic study of an
implantable defibrillator
(IEEE S&P ‘08)

• Focused security
community on medical
devices… oopsie!
Photos: Medtronic, Ben Ransford
• No authentication

• No encryption

• Unauthorized shocks
Photos: Ben Ransford
2009–2011
• Insulin pump &
defibrillator hacks
(Barnaby Jack, J.
Radcliffe, others)

• No authentication

• Unauthorized bolus
Photo: The Register/Medtronic
2013
“...records show that malware had infected computer equipment needed for procedures to open blocked arteries after heart attacks.”
–Wall Street Journal, June 2013, on a catheterization lab shut down by malware
2013
• Pharmaceutical
compounder
(HealthTech ’13)

• Must be on network,
patching forbidden
Photo: Ben Ransford
Major hospitals say: within 3–5 years, >90% of medical devices will be on the network
Photo: Ohemaa's MD
Lessons for IoT!
A RECIPE FOR SUCCESS
Don’t Patch the OS
• Microsoft has figured out Windows security by now

• The Linux kernel is perfect, always works

• “Alternative” OSes won’t be targeted
Don’t Patch Libraries
• You wrote all of the device’s code & libraries

• No need to update OpenSSL, PHP, Apache, etc.
Use Default Secrets
• Use default passwords whenever possible

• Make passwords difficult to change

• Ship master keys w/ devices

• Hard-code credentials
Be Very Liberal in What You Accept
• Download software via insecure channels

• Don’t cryptographically sign software

• It’s probably fine

• Who would tamper with firmware?

• Anyway tampering is illegal
(Slide image: excerpt from the paper credited below)
II. AUTOMATED EXTERNAL DEFIBRILLATOR (AED) OVERVIEW
In this section, we introduce automated external defibrillators and discuss why they represent a quintessential software-based medical device to investigate security. The term defibrillator refers to a broad class of devices that use large electrical shocks to treat cardiac arrhythmias that might otherwise lead to a fatal outcome. Defibrillators are divided into two types: implantable or external. While both types of defibrillators treat cardiac arrhythmias, the devices are radically different in design and purpose. One could draw the following analogy: implanted defibrillators are to mobile phones as external defibrillators are to public phone call boxes. The former are prescribed and tuned to a particular person whereas the latter are available for general use when you can find one. There are two further classifications of external defibrillators: manual or automated. Trained health care professionals may use manual external defibrillators to treat a wide range of arrhythmias. Our work analyzes the second class: automated external defibrillators (AEDs) that a person with limited medical training may use to treat a more limited (but common) number of cardiac arrhythmias such as ventricular fibrillation.
Fig. 1. The Cardiac Science G3 Plus exploited to install our custom firmware. The AED displays DEVICE COMPROMISED.
Photo: Steve Hanna et al., “Take Two Software Updates and See Me in the Morning…”, USENIX HealthTech 2011
Obscurity == Security
• Nobody will scan your
devices

• Nobody will obtain your
firmware via JTAG

• Compilation is the
same as encryption

• Leave a network port
open for “debugging”
Photo: Dotmed
VOILÀ!
Deep Integration → Fixity
• Once something works,
don’t want to touch it

• Sometimes replacement is
really hard

• Environment changes →
threats change too
Major surgery, ~10yr battery
Photo: Ben Ransford
IoT and Slow Movers
• You want integration + customer dependence?

• All bets are off once a Thing is deployed

• Customers will depend on your old/stale code

• Customers will depend on your old URLs

• You think you know how customers will use your
product, but you don’t

• Optimize products & processes for patchability
The Mess We’re In
• Major healthcare breaches afoot (Anthem: 80M!)

• Attackers roost on systems that won’t get
patched (TrapX “Medjack” report)

• Backward thinking about patching

• Perimeter security is not a solution

• “Endpoint security” vendors ignore medical
devices (as they ignore Things)
Outside the Box
• Nonintrusive monitoring

• No software installation

• Devices stay in service

• Use the power side
channel to infer tasks,
detect unusual behavior
incl. malware
(In beta!)
Photo: Ben Ransford/Virta Labs
Photo: Atomic Toasters
Current Consumption Varies
• Today’s CPUs and software are careful to use
power management!

• Modern systems exhibit high dynamic range

• Workloads ➞ patterns of high/low

• CPU busy ➞ more current

• Peripherals busy ➞ more current

• Idle time ➞ less current
Image: Apple
Learning from Analog Data
• Collect data during representative activity

• Constantly collect power signals

• Featurize signals, feed features to machine learning

• Feed analysis results back to customers

• Crowdsource problems across customers
Q’s We Can Answer
• What state is the device in? Have we seen this
state before?

• Does the device have certain kinds of malware?

• How fast is it doing its work?
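The monitoring pipeline on the two slides above (collect baseline power signals, featurize them, learn from them, then ask “have we seen this state before?”) as an added example that is not Virta Labs’ code: the current trace, the idle/busy levels, the window size, the noise and the four features are all constructed assumptions, and the nearest-neighbour novelty check is a stand-in for whatever model the product actually uses. It shows why a single “normal” Gaussian is the wrong model for a device with several legitimate states, and how a window with a normal duty cycle but an abnormal switching pattern still stands out.

```python
"""Power-side-channel novelty detection: a constructed, self-contained toy.

Not Virta Labs code. Current levels, window size, noise and features are all
made-up assumptions chosen so the example runs offline with the stdlib only.
"""
import math
import random

WINDOW = 200                       # samples per window (200 ms at an assumed 1 kHz sensor)
IDLE_A, BUSY_A = 0.3, 1.1          # constructed idle / CPU-busy current levels, amps
THRESH_A = (IDLE_A + BUSY_A) / 2   # level separating "idle" from "busy" samples
NOISE_A = 0.02                     # constructed sensor noise, std dev in amps


def normal_window(rng):
    """Known-good window: idle with one contiguous CPU burst of random length
    and position, the high/low pattern a power-managed workload produces."""
    busy = rng.randint(30, 100)
    start = rng.randint(1, WINDOW - busy - 1)   # burst strictly inside the window
    return [(BUSY_A if start <= i < start + busy else IDLE_A) + rng.gauss(0, NOISE_A)
            for i in range(WINDOW)]


def pegged_window(rng):
    """Anomaly: CPU pinned for the whole window, no idle gaps at all."""
    return [BUSY_A + rng.gauss(0, NOISE_A) for _ in range(WINDOW)]


def chatty_window(rng):
    """Anomaly: a normal-looking duty cycle, but the load flips every 10 samples
    instead of arriving as one burst (an unexpected periodic task)."""
    return [(BUSY_A if (i // 10) % 2 else IDLE_A) + rng.gauss(0, NOISE_A)
            for i in range(WINDOW)]


def featurize(win):
    """Reduce one window to (mean, std, duty, transitions): cheap features a
    sensor box can compute on the fly without touching the monitored device."""
    n = len(win)
    mean = sum(win) / n
    std = math.sqrt(sum((x - mean) ** 2 for x in win) / n)
    above = [x > THRESH_A for x in win]
    duty = sum(above) / n                                    # fraction of time busy
    transitions = sum(1 for a, b in zip(above, above[1:]) if a != b)
    return (mean, std, duty, float(transitions))


class BaselineModel:
    """Nearest-neighbour novelty detector over standardized feature vectors.

    A device has several legitimate states (idle, busy, mixed), so rather than
    fitting one Gaussian we keep every baseline window and ask how far a new
    window is from the closest state we have already seen.
    """

    def __init__(self, baseline_windows, margin=3.0):
        feats = [featurize(w) for w in baseline_windows]
        cols = list(zip(*feats))
        self.mu = [sum(c) / len(c) for c in cols]
        self.scale = []
        for c, m in zip(cols, self.mu):
            sd = math.sqrt(sum((x - m) ** 2 for x in c) / len(c))
            # a feature that never varied during the baseline gets a small scale,
            # so any movement in it later counts as abnormal
            self.scale.append(max(sd, 0.05 * abs(m), 1e-9))
        self.points = [self._standardize(f) for f in feats]
        # calibrate the alarm line from leave-one-out distances inside the baseline
        loo = [self._nearest(p, skip=i) for i, p in enumerate(self.points)]
        self.threshold = margin * max(loo)

    def _standardize(self, f):
        return [(x - m) / s for x, m, s in zip(f, self.mu, self.scale)]

    def _nearest(self, p, skip=None):
        return min(math.dist(p, q) for i, q in enumerate(self.points) if i != skip)

    def score(self, win):
        """Distance to the closest known-good state; above threshold = never seen."""
        return self._nearest(self._standardize(featurize(win)))

    def is_anomalous(self, win):
        return self.score(win) > self.threshold


def demo(seed=7):
    """Fit on known-good windows, then score fresh normal and abnormal ones.
    Returns {name: (score, flagged)} so a caller can act on the verdicts."""
    rng = random.Random(seed)
    model = BaselineModel([normal_window(rng) for _ in range(80)])
    cases = {"normal": normal_window(rng),
             "pegged": pegged_window(rng),
             "chatty": chatty_window(rng)}
    return {k: (round(model.score(w), 2), model.is_anomalous(w)) for k, w in cases.items()}


if __name__ == "__main__":
    for name, (score, flagged) in demo().items():
        print(f"{name:7s} score={score:6.2f}  {'ANOMALY' if flagged else 'ok'}")
```

The “chatty” case is the one worth studying: its mean, spread and duty cycle all sit inside the baseline range, and only the transition count gives it away, which is why the feature set matters more than the classifier.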
(Slide image: VIRTA LABORATORIES: UNKNOWN MALWARE)
Takeaways
• For IoT manufacturers: Recognize security debt,
plan for long lifecycle
• For users: Insist on coherent patching strategies
that have a time dimension

• For security researchers: Roll up sleeves
Twitter: @virtalabs / @br_

Beta program: https://www.virtalabs.com/
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

The Harsh Reality of Slow Movers

  • 1. ☤ TM Not So Fast! The Harsh Reality of Slow Movers. Ben Ransford, Ph.D., Virta Laboratories, Inc., ben@virtalabs.com. @secthings 2015
  • 2. Not So Fast! @secthings 2015 © ben@virtalabs.com. “Those who cannot remember the past are condemned to repeat it.” –George Santayana, The Life of Reason vol. 1
  • 3. Outline • Medical-device security: a cautionary tale • Lessons for IoT • Outside-the-box anomaly/malware detection
  • 4. Amazing devices! 1957 (Photos: Medtronic, Computer History Museum)
  • 5. Amazing devices! Therac-25 (ca. 1980s) (Photo: SIUE)
  • 6. Amazing devices! External Defibrillator (1985–). [Background image: page from Hanna et al., with Fig. 1: The Cardiac Science G3 Plus exploited to install our custom firmware. The AED displays DEVICE COMPROMISED.] (Photo: Steve Hanna et al., “Take Two Software Updates and See Me in the Morning…”, USENIX HealthTech 2011)
  • 7. Amazing devices! Patient monitor, infusion pump, insulin pump (Photos: Philips, Hospira, The Register/Medtronic)
  • 8. Amazing devices! 2003 pacemaker; 2013 pacemaker prototype (Photos: Ben Ransford; Medtronic)
  • 9. What Could Go Wrong? • Increasing software dependence • Increasing software complexity • Deeper integration with medical records, hospital IT, patients’ homes & bodies • 1980s: 6% of recalls due to software* • 2005–9: 18% of recalls due to software* (* Hanna et al., HealthTech 2011)
  • 10. Amazing harmful devices! Therac-25 (ca. 1980s, recalled 1987) (Photo: SIUE)
  • 11. Amazing open devices! External Defibrillator (1985–). [Background images from Hanna et al.: Fig. 1, the Cardiac Science G3 Plus exploited to install custom firmware, displaying DEVICE COMPROMISED; Fig. 2, “AEDUpdate buffer overflow. Executed code includes a message box showing the potential flow of the vulnerability from the AED (if the firmware were replaced) to the software.” The visible text fragment reads: “…return address is checked, which allows us to redirect program flow into arbitrary code.”] (Photos: Hanna et al., “Take Two Software Updates and See Me in the Morning…”, USENIX HealthTech 2011)
  • 12. 2008: 😺⇠👜 • Academic study of an implantable defibrillator (IEEE S&P ’08) • Focused security community on medical devices… oopsie! (Photos: Medtronic, Ben Ransford)
  • 13. • No authentication • No encryption • Unauthorized shocks (Photos: Ben Ransford)
  • 14. 2009–2011 • Insulin pump & defibrillator hacks (Barnaby Jack, J. Radcliffe, others) • No authentication • Unauthorized bolus (Photo: The Register/Medtronic)
  • 15. 2013. Wall Street Journal, June 2013, on a catheterization lab shut down by malware: “...records show that malware had infected computer equipment needed for procedures to open blocked arteries after heart attacks.”
  • 16. 2013 • Pharmaceutical compounder (HealthTech ’13) • Must be on network, patching forbidden (Photo: Ben Ransford)
  • 17. Major hospitals say: in 3–5 years, >90% of medical devices will be on the network (Photo: Ohemaa's MD)
  • 18. Lessons for IoT!
  • 19. A RECIPE FOR SUCCESS
  • 20. Don’t Patch the OS • Microsoft has figured out Windows security by now • The Linux kernel is perfect, always works • “Alternative” OSes won’t be targeted
  • 21. Don’t Patch Libraries • You wrote all of the device’s code & libraries • No need to update OpenSSL, PHP, Apache, etc.
  • 22. Use Default Secrets • Use default passwords whenever possible • Make passwords difficult to change • Ship master keys w/ devices • Hard-code credentials
  • 23. Be Very Liberal in What You Accept • Download software via insecure channels • Don’t cryptographically sign software • It’s probably fine • Who would tamper with firmware? • Anyway tampering is illegal [Background image: Section II, “Automated External Defibrillator (AED) Overview”, of Hanna et al., with Fig. 1: The Cardiac Science G3 Plus exploited to install our custom firmware. The AED displays DEVICE COMPROMISED.] (Photo: Steve Hanna et al., “Take Two Software Updates and See Me in the Morning…”, USENIX HealthTech 2011)
  • 24. Obscurity == Security • Nobody will scan your devices • Nobody will obtain your firmware via JTAG • Compilation is the same as encryption • Leave a network port open for “debugging” (Photo: Dotmed)
  • 25. VOILÀ!
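The update-acceptance check that slides 11 and 23 argue for, written out as an added example; it is not code from the talk, from Virta Labs, or from Hanna et al. It assumes a hypothetical image layout (magic, version, length, payload, Ed25519 signature), a 1 MiB staging buffer, and a vendor key generated in-process for the demo; every name in it is illustrative. The signature covers the header as well as the payload, so the version and length fields are authenticated too, and the length is still bounds-checked before anything is copied, which is the bug class behind the AEDUpdate overflow; the version comparison blocks rollback to an older, still validly signed image.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed update-image layout for this example (not any real vendor's format):
//   magic[4]="FWUP" | version u32 BE | payloadLen u32 BE | payload | sig[64]
// The Ed25519 signature covers everything before it, so the version and
// length fields are authenticated, not just the payload.
const (
	magic      = "FWUP"
	headerLen  = 4 + 4 + 4
	maxPayload = 1 << 20 // assumed size of the device's staging buffer
	sigLen     = ed25519.SignatureSize
)

var (
	ErrMalformed = errors.New("update: malformed image")
	ErrTooLarge  = errors.New("update: payload exceeds staging buffer")
	ErrBadSig    = errors.New("update: signature verification failed")
	ErrRollback  = errors.New("update: version not newer than installed")
)

// GenerateVendorKey stands in for the vendor's offline signing key; a real
// device carries only the public half, in immutable storage.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// BuildImage is the vendor-side half: serialise header and payload, then sign.
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	var buf bytes.Buffer
	buf.WriteString(magic)
	binary.Write(&buf, binary.BigEndian, version)
	binary.Write(&buf, binary.BigEndian, uint32(len(payload)))
	buf.Write(payload)
	buf.Write(ed25519.Sign(priv, buf.Bytes()))
	return buf.Bytes()
}

// AcceptImage is the device-side half. Nothing in the image is trusted until
// checked: the length field before any copy, the signature before the
// payload is interpreted, and the version before anything is flashed.
func AcceptImage(pub ed25519.PublicKey, installed uint32, img []byte) (uint32, []byte, error) {
	if len(img) < headerLen+sigLen || string(img[:4]) != magic {
		return 0, nil, ErrMalformed
	}
	version := binary.BigEndian.Uint32(img[4:8])
	n := binary.BigEndian.Uint32(img[8:12])
	if n > maxPayload {
		return 0, nil, ErrTooLarge
	}
	if len(img) != headerLen+int(n)+sigLen {
		return 0, nil, ErrMalformed
	}
	signed, sig := img[:headerLen+int(n)], img[headerLen+int(n):]
	if !ed25519.Verify(pub, signed, sig) {
		return 0, nil, ErrBadSig
	}
	if version <= installed {
		return 0, nil, ErrRollback
	}
	return version, signed[headerLen:], nil
}

func main() {
	pub, priv := GenerateVendorKey()
	img := BuildImage(priv, 2, []byte("constructed firmware payload"))
	v, p, err := AcceptImage(pub, 1, img)
	fmt.Println("genuine:", v, string(p), err)
	img[headerLen] ^= 0x01 // flip one payload bit in transit
	_, _, err = AcceptImage(pub, 1, img)
	fmt.Println("tampered:", err)
}
```

The order of the checks is the point: the length is sanity-checked before the signature is even computed over the buffer, so a hostile length field cannot drive the parser, and the signature is checked before the version so that an attacker cannot learn anything about the installed version from an unsigned probe.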
  • 26. Deep Integration → Fixity • Once something works, don’t want to touch it • Sometimes replacement is really hard • Environment changes → threats change too. Major surgery, ~10yr battery (Photo: Ben Ransford)
  • 27. IoT and Slow Movers • You want integration + customer dependence? • All bets are off once a Thing is deployed • Customers will depend on your old/stale code • Customers will depend on your old URLs • You think you know how customers will use your product, but you don’t • Optimize products & processes for patchability
  • 28. The Mess We’re In • Major healthcare breaches afoot (Anthem: 80M!) • Attackers roost on systems that won’t get patched (TrapX “Medjack” report) • Backward thinking about patching • Perimeter security is not a solution • “Endpoint security” vendors ignore medical devices (as they ignore Things)
  • 29. [image slide]
  • 30. Outside the Box • Nonintrusive monitoring • No software installation • Devices stay in service • Use the power side channel to infer tasks, detect unusual behavior incl. malware (In beta!) (Photo: Ben Ransford/Virta Labs)
  • 31. [image slide] (Photo: Atomic Toasters)
  • 32. [image slide]
  • 33. Current Consumption Varies • Today’s CPUs and software are careful to use power management! • Modern systems exhibit high dynamic range • Workloads ➞ patterns of high/low • CPU busy ➞ more current • Peripherals busy ➞ more current • Idle time ➞ less current (Image: Apple)
  • 34. Learning from Analog Data • Collect data during representative activity • Constantly collect power signals • Featurize signals, feed features to machine learning • Feed analysis results back to customers • Crowdsource problems across customers
  • 35. Q’s We Can Answer • What state is the device in? Have we seen this state before? • Does the device have certain kinds of malware? • How fast is it doing its work?
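A worked version of slides 33 to 35, added here and not Virta Labs' product code: featurize a current trace into mean, spread, busy fraction and busy/idle transitions, learn a per-feature baseline from windows captured during representative activity, and flag any window whose worst z-score exceeds a limit. The trace generator, the 400 mA busy threshold, the window size and the z-limit are all constructed assumptions. It goes a little beyond the slides in one respect: it shows why a pattern feature matters, since a workload with the same average current but a different busy/idle cadence has a perfectly normal mean and is caught only by the transition count.

```go
package main

import (
	"fmt"
	"math"
)

// Features summarises one window of current samples (mA): how much current
// flows, how much it swings, and how the device alternates busy/idle.
type Features struct {
	Mean, Std, HighFrac, Edges float64
}

func (f Features) vec() [4]float64 { return [4]float64{f.Mean, f.Std, f.HighFrac, f.Edges} }

// Featurize computes the features of one non-empty window; highThresh
// separates "CPU/peripherals busy" from "idle" current levels.
func Featurize(win []float64, highThresh float64) Features {
	if len(win) == 0 {
		return Features{}
	}
	n := float64(len(win))
	var sum float64
	for _, v := range win {
		sum += v
	}
	mean := sum / n
	var sq float64
	high, edges := 0, 0
	prev := win[0] > highThresh
	for _, v := range win {
		sq += (v - mean) * (v - mean)
		cur := v > highThresh
		if cur {
			high++
		}
		if cur != prev {
			edges++
		}
		prev = cur
	}
	return Features{Mean: mean, Std: math.Sqrt(sq / n), HighFrac: float64(high) / n, Edges: float64(edges)}
}

// Baseline holds a per-feature mean and standard deviation learned from
// windows captured while the device did representative, known-good work.
type Baseline struct{ Mu, Sigma [4]float64 }

func Train(windows [][]float64, highThresh float64) Baseline {
	var b Baseline
	n := float64(len(windows))
	vecs := make([][4]float64, len(windows))
	for i, w := range windows {
		vecs[i] = Featurize(w, highThresh).vec()
		for k, x := range vecs[i] {
			b.Mu[k] += x / n
		}
	}
	for _, v := range vecs {
		for k, x := range v {
			b.Sigma[k] += (x - b.Mu[k]) * (x - b.Mu[k]) / n
		}
	}
	for k := range b.Sigma {
		b.Sigma[k] = math.Max(math.Sqrt(b.Sigma[k]), 1e-6) // floor: constant features must not divide by zero
	}
	return b
}

// ZScores returns |z| per feature; Score is the worst of them.
func (b Baseline) ZScores(f Features) [4]float64 {
	var z [4]float64
	for k, x := range f.vec() {
		z[k] = math.Abs((x - b.Mu[k]) / b.Sigma[k])
	}
	return z
}

func (b Baseline) Score(f Features) float64 {
	worst := 0.0
	for _, z := range b.ZScores(f) {
		worst = math.Max(worst, z)
	}
	return worst
}

// Anomalous flags a window whose worst feature sits more than zLimit
// standard deviations from the baseline.
func (b Baseline) Anomalous(win []float64, highThresh, zLimit float64) bool {
	return b.Score(Featurize(win, highThresh)) > zLimit
}

// SynthTrace is a constructed stand-in for a current probe: idle current with
// a periodic busy burst plus +/-10 mA noise from a tiny LCG (assumed values).
func SynthTrace(n int, seed uint32, idle, busy float64, period, burst int) []float64 {
	t := make([]float64, n)
	s := seed
	for i := range t {
		s = s*1664525 + 1013904223
		noise := (float64(s>>16&0x3ff)/1023 - 0.5) * 20
		level := idle
		if i%period < burst {
			level = busy
		}
		t[i] = level + noise
	}
	return t
}

// TrainingWindows cuts windows from a long known-good trace with a stride
// that is not a multiple of the duty cycle, so the baseline sees many phases.
func TrainingWindows(trace []float64, winLen, stride int) [][]float64 {
	var ws [][]float64
	for o := 0; o+winLen <= len(trace); o += stride {
		ws = append(ws, trace[o:o+winLen])
	}
	return ws
}

func main() {
	const thresh, zLimit = 400.0, 4.0
	b := Train(TrainingWindows(SynthTrace(4300, 1, 200, 600, 50, 15), 180, 203), thresh)
	normal := SynthTrace(180, 99, 200, 600, 50, 15)
	flat := SynthTrace(180, 7, 200, 600, 50, 50)  // never idles
	chatty := SynthTrace(180, 5, 200, 600, 10, 3) // same 30% duty cycle, 5x the cadence
	for name, w := range map[string][]float64{"normal": normal, "flat": flat, "chatty": chatty} {
		fmt.Printf("%-7s score=%6.1f anomalous=%v\n", name, b.Score(Featurize(w, thresh)), b.Anomalous(w, thresh, zLimit))
	}
}
```

The "chatty" trace is the case worth remembering: its mean and standard deviation are indistinguishable from the baseline, so a monitor that only tracks average draw answers "what state is the device in?" with "the usual one", while the transition count says it has never seen this state before.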
  • 36. [screenshot: VIRTA LABORATORIES, UNKNOWN MALWARE]
  • 37. Takeaways • For IoT manufacturers: Recognize security debt, plan for long lifecycle • For users: Insist on coherent patching strategies that have a time dimension • For security researchers: Roll up sleeves. Twitter: @virtalabs / @br_ • Beta program: https://www.virtalabs.com/