Paper 2021/1297

Listen to Your Heart: Evaluation of the Cardiologic Ecosystem

Endres Puschner, Christoph Saatjohann, Markus Willing, Christian Dresen, Julia Köbe, Benjamin Rath, Christof Paar, Lars Eckardt, Uwe Haverkamp, and Sebastian Schinzel

Abstract

Modern implantable cardiologic devices communicate via radio frequency techniques and nearby gateways to a backend server on the internet. Those implanted devices, gateways, and servers form an ecosystem of proprietary hardware and protocols that process sensitive medical data and is often vital for patients’ health. This paper analyzes the security of this Ecosystem, from technical gateway aspects, via the programmer, to configure the implanted device, up to the processing of personal medical data from large cardiological device producers. Based on a real-world attacker model, we evaluated different devices and found several severe vulnerabilities. Furthermore, we could purchase a fully functional programmer for implantable cardiological devices, allowing us to re-program such devices or even induce electric shocks on untampered implanted devices. Additionally, we sent several Art. 15 and Art. 20 GDPR inquiries to manufacturers of implantable cardiologic devices, revealing non-conforming processes and a lack of awareness about patients’ rights and companies’ obligations. This, and the fact that many vulnerabilities are still to be found after many vulnerability disclosures in recent years, present a worrying security state of the whole ecosystem.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. ARES 2021: The 16th International Conference on Availability, Reliability and Security
DOI
10.1145/3465481.3465753
Keywords
medical securityapplications
Contact author(s)
endres puschner @ mpi-sp org
christoph saatjohann @ fh-muenster de
markus willing @ ukmuenster de
History
2021-09-28: received
Short URL
https://ia.cr/2021/1297
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/1297,
      author = {Endres Puschner and Christoph Saatjohann and Markus Willing and Christian Dresen and Julia Köbe and Benjamin Rath and Christof Paar and Lars Eckardt and Uwe Haverkamp and Sebastian Schinzel},
      title = {Listen to Your Heart: Evaluation of the Cardiologic Ecosystem},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1297},
      year = {2021},
      doi = {10.1145/3465481.3465753},
      url = {https://eprint.iacr.org/2021/1297}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.