Making The Case For Medical Device Software Protection

Former U.S. Vice President Dick Cheney acknowledged that he once feared that terrorists could use the electrical device that had been implanted near his heart to kill him and had his doctor disable its wireless function. The device in question was a defibrillator that could detect irregular heartbeats and control them with electrical jolts. Cheney had his doctor turn off the device’s wireless function in case a terrorist tried to send his heart a fatal shock.

Medical devices used for critical care are becoming increasingly reliant on software and securing that software from tampering and malware has become a critical consideration in the development process.

Even so, software security remains an afterthought in some medical device design, according to researchers from Carnegie Mellon who are working towards evaluating the software security of medical devices. In their paper, "Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices," Steven Hanna, University of California Berkeley, et al, notes that medical devices are susceptible to malware because:

1. Software in medical devices is becoming increasingly complex.
2. More and more medical devices are becoming networked with wireless Internet connectivity.
3. More medical devices are evolving from electro-mechanical to software-controlled devices.
4. Analyzing security after a potential risk becomes a tangible threat would be too late for effective deployment of defensive technology.

In their study of an Automated External Defibrillator (AED), they identified security flaws in both the embedded software and the commercial off-the-shelf software (COTS) update mechanism. They concluded that manufacturers of medical devices containing software should have plans for assessing specific security risks, detecting security compromises, and recovering from computer security incidents—especially if the manufacturer plans to use wireless communication or Internet connectivity that would increase the device exposure to the risks of malicious software.

After becoming aware of cybersecurity vulnerability and incidents that could directly impact medical devices or hospital network operations, the FDA is recommending that medical device manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyber-attack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and those connected to hospital networks.

They further stated that manufacturers are responsible for remaining vigilant about identifying risks and hazards associated with their medical devices, including risks related to cybersecurity, and are responsible for putting appropriate mitigations in place to address patient safety and assure proper device performance.

At Wibu-Systems, we are providing the tools that enable embedded software developers to protect medical devices. The term "Integrity Protection" encompasses security measures, namely protection of system resources, programs and data against unauthorized manipulation, or at least identification and display of such modifications. The challenge consists in guaranteeing data integrity, and, if not possible, bringing the system to a safe mode and stopping the execution of any function.

We’ve demonstrated that the best integrity protection solutions are based on cryptography and associated security mechanisms, such as digital signatures and message authentication. With our CodeMeter licensing and protection platform, we provide a smart-card-security-based protection system, which is available for industrial interfaces. By utilizing CodeMeter, you can secure a device so that it only receives software updates from the device manufacturer. When the device is started, integrity checks are performed to be sure that the software being run is authenticated and not some type of virus.

CodeMeter supports common operating systems like Windows, macOS, Linux as well as Windows Embedded, Embedded Linux, RTOS like Wind River’s VxWorks and PLC development software like CODESYS and more. It contains a secure implementation of symmetric and asymmetric encryption methods (AES, RSA, ECC), functions for signature validation (ECDSA) and a random number generator, according to FIPS140-1 and fulfilling EAL 4+ (Common Criteria Certified). CodeMeter includes all the available tools needed to implement all of the steps described above for integrity protection, software protection and the prevention of code tampering of embedded medical devices.