Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero- Power Defenses By: Halperin, Heydt—Benjamin, Ransford, Clark, Defend, Morgan, Fu, Kohno, and Maisel Presented by: Charlie Allen
Overview IMDs Attacks Defenses – Notification – Authentication – Key Exchange Future Work
IMDs Pacemakers Implantable Cardioverter Defibrilators (ICD) Neurostimulators Drug Pumps Wireless
Implanted ICD
Programming IMDs Commercial Programmers Radio Communicator
Security Model Access to programmers Passive Adversary Active Adversary Assumptions – ICDs Honest
Intercepting Communication Reverse engineering Eavesdropping Limitations
Attacks ICD Identification Disclosing patient data Disclosing cardiac data Changing patient name Setting the ICD’s clock Changing therapies Inducing fibrillation Power denial of service
WISPer Notification Zero-Power Sound Audibility
WISP with Attached Piezo-element
Authentication Uses Master Key known by all programmers Identity specific to IMD Nonce known by programmer in advance Improvements Random nonce
Key Exchange Process Medium
Questions?