People entering secure facilities—such as those found in military, security, and government agencies—are often asked to hand over their connected devices such as fitness trackers and smartphones. Those devices are stored in secure lockers and then returned when their owners leave the facility. All this is done in the name of national security since these connected devices could be hijacked to compromise the security of these facilities.
But what happens if the connected device is inside the person?
That was the question Dr. Alan Michaels, director of the Electronic Systems Lab at the Hume Center for National Security and Technology at the Virginia Polytechnic Institute and State University set out to answer with a team of researchers. Michaels described how implanted medical devices—such as pacemakers and insulin pumps— could be compromised to listen to conversations, access classified information, even expose the location of these secure facilities in his presentation at this year’s Black Hat conference (which was offered virtually).
It’s not news that pacemakers, insulin pumps, hearing implants, and other IMDs have vulnerabilities which can be exploited. Back in 2011, Jerome Radcliffe discussed in a Black Hat presentation how he was able to intercept and modify the wireless control signals sent to his insulin pump (he was diabetic) to change his insulin dosage. Research in 2008 showed that wireless pacemakers and implantable cardiac defibrillators could also be manipulated. However, the research focused on the impact on the person with the IMD.
Most secure facilities would restrict devices that are GPS-based or collect location data, or ban devices that have microphones, for example. Devices can leak location data and GPS coordinates. If the device has a microphone, it can be used to listen to sensitive conversations. Some devices can be hijacked to use sensors and transducers to collect information about the facility’s environment.
The person with a fitness tracker can take it off and have it stored in a secure locker. A person with an asthma monitor that emits a predictive warning in the event of a major asthma attack can’t just take off the tracker–what if the person suffers an attack while in the facility?
The simplest way to prevent IMDs from being a security threat is to physically shield them, such as wearing a hazmat suit. It will be far safer than modifying the firmware to disable certain functions as that could impact the IMD’s operations.
Many of these policies are set without thinking about cybersecurity. It’s a difficult balance to navigate, because the security of these facilities have to be protected, but the individual has a job to do. In certain cases, it may wind up that the individual has to be denied entry because of the IMDs. It’s a discussion that security teams have to be prepared to have because this kind of situation is going to start coming up more frequently.