As researchers continue to expose the security vulnerabilities of current insulin pumps, pacemakers, and other software-controlled devices, pressure is mounting for solutions that can protect patients if such attacks are launched in the real world. After demonstrating the ability to reverse engineer an insulin pump, a group of researchers from Princeton University (New Jersey) and Purdue University (West Lafayette, IN) has developed MedMon, a prototype firewall that could act as a viable safeguard against wireless medical device hacking.

"It was surprisingly easy to hack into the insulin pump. It appears that many of these devices were not designed with security in mind, so [the pump] was very vulnerable," notes Niraj Jha, a professor of electrical engineering at Princeton. "The advantage of having an insulin pump far outweighs such a risk. But for the next generation of devices, it would be good to have other defenses built into medical devices."

Attempting to offer such a defense against malicious medical device hacking, the researchers created the MedMon firewall. Providing multilayer anomaly protection, the prototype system is designed to safeguard devices against both physical and behavioral anomalies through wireless monitoring of the patient. In terms of physical anomalies, Jha explains, the system can identify a possible attack by recognizing changes in physical signal characteristics. Signals that fall outside of a particular range or come at a different time interval or angle can indicate a security threat, for example.

"If it's a sophisticated attacker and he knows our methodology, he could try to fool the system by transmitting with similar signal characteristics to legitimate transmissions," Jha notes. "We then have another layer of protection, called behavioral anomaly detection, where we are protecting command and data anomalies. So, if someone is trying to cause multiple or higher dosages to be administrated to the patient that's beyond the [acceptable] range, we detect that through behavioral anomaly detection."

MedMon also features both a passive and an active mode. A security breach that does not endanger a patient, for instance, will simply trigger an alert to make a patient aware of the issue. However, attempts to manipulate control or data will prompt the firewall to intercept and actively jam the suspicious signal so that it does not reach the medical device, according to Jha.

Although the researchers have achieved a proof of concept, a commercial version would need to be miniaturized. If commercialized, the technology could offer a stand-alone security solution to current software-controlled medical devices. The firewall system could be marketed directly to patients and either attached to a smartphone, kept in a patient's pocket, or worn on the body to protect implanted or body-worn medical devices. Alternatively, medical device manufacturers could begin packaging MedMon as a separate security unit with current wireless devices in the near term. In the future, they could potentially integrate the firewall directly into next-generation devices.

"No security system is absolutely foolproof, but I think our system certainly raises the bar for attackers," adds Anand Raghunathan, a professor of electrical and computer engineering at Purdue. "The risk of such attacks is low, but they are certainly cause for concern. Our objective is to make sure that these laboratory attacks are never successful in the real world."