A group of Belgian academic security researchers from KU Leuven have published a paper detailing their investigation into improving the security of neurostimulators: electrical brain implants used to treat chronic pain, Parkinson's, and other conditions.







They found that — as is typical for medical implants — security for these devices is, at best, an afterthought. They have wireless interfaces (it's hard to plug a USB cable into a chip that's been implanted into someone's brain) and defects in those interfaces could allow an attacker to administer shocks, glean sensitive neurological information, and intercept sensitive medical data that is transmitted between the implant and the devices used to read, control and update it.

The researchers propose a plausible-seeming security framework for mitigating these attacks: encrypt the data and use a physical proximity tool to initialize the crypto keys (brainwaves make great random number generators!), forcing attackers to gain close proximity (say, via a doctored hat) to effect any attack.





The measures are simple and sensible enough that the most noteworthy thing about them is that they're not in place already. The researchers didn't have to do anything particularly novel to compromise the neural implants, because the people who designed them did almost nothing by way of basic security.



In this work we have evaluated the security and privacy properties of a widely used commercial neurostimulator. For this, we fully reverse engineered the proprietary protocol between the device programmer and the neurostimulator over a short-range communication channel. We demonstrated that reverse engineering was possible without needing to have physical access to the devices by using a black-box approach. This allowed us not only to document the message format and the protocol state-machine, but also to discover that the messages exchanged between the devices are neither encrypted nor authenticated. We conducted several software radio-based attacks that could endanger the patients' safety or compromise their privacy, and showed that these attacks can be performed using inexpensive hardware devices. The main lesson to be learned is that security-through-obscurity is always a dangerous design approach that often conceals insecure designs. IMD manufacturers should migrate from weak closed proprietary solutions to open and thoroughly evaluated security solutions and use them according to the guidelines. To preclude the above attacks, we presented a practical and complete security architecture through which the device programmer and the neurostimulator can agree on a session key that allows to bootstrap a secure communication channel. Our solution grants access to the neurostimulator to any device programmer that can touch the patient's skin for a few seconds. This allows to create a secure data exchange between devices while ensuring that medical personnel can have immediate access to the neurostimulator in emergencies. Our solution accounts for the unique constraints and functional requirements of IMDs, requires only minor hardware changes in the devices and provides backward and forward security.

Securing Wireless Neurostimulators [Eduard Marin, Dave Singelée, Bohan Yang, Vladimir Volski, Guy A. E. Vandenbosch, Bart Nuttin and Bart Preneel/KU Leuven]





(via Four Short Links)