48K - views

Take Two Software Updates and See Me in the Morning:

Published byellena-manuel

The Case for Software Security Evaluations of Medical Devices. Steve Hanna. 1. , Rolf Rolles. 4. , Andres Molina-Markham. 2. , . Pongsin. . Poosankam. 1,3. , Kevin Fu. 2. , Dawn Song. 1. University of California – Berkeley.

Tags : devices software security medical software devices medical security case device evaluations hanna aed firmware aeds update external automated secure
Embed :
Presentation Download Link

Download Presentation - The PPT/PDF document "Take Two Software Updates and See Me in ..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.

Take Two Software Updates and See Me in the Morning:






Presentation on theme: "Take Two Software Updates and See Me in the Morning:"— Presentation transcript:

Slide1

Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices

Steve Hanna1, Rolf Rolles4, Andres Molina-Markham2, Pongsin Poosankam1,3, Kevin Fu2, Dawn Song1

University of California – Berkeley1, University of Massachusetts Amherst2, Carnegie Mellon University3, Unaffiliated4Slide2

Changing Medical Device Landscape

Increased software complexitySoftware plays an increasing role in device failure2005-2009 (18%) due to software failure, compared to (6%) in 1980sIncreased attack opportunitiesMedical device hardware and software is usually a

monoculture within device model2Hanna, et al.

The case for Software Security Evaluations of Medical Devices

Health Data

Connected

Devices

Medical

Device

28,000

adverse event reports in 14 Models recalled 2005-2010.

Automated External DefibrillatorsSlide3

To be clear…3

Hanna, et al. The case for Software Security Evaluations of Medical Devices

AEDsICDs

XSlide4

Wisconsin requires daycare providers to be AED proficient

Global Automated External Defibrillators (AED) Market: Demand to Drive Growth; June 2009 U.S., European and Japanese External Defibrillation (PAD) Market Report. Frost & Sullivan. 2000. Valenzuela TD, et al. N Engl J Med. 2000;343:1206-1209.

Caffrey S, et al. N Engl J Med. 2002;347:1242-1247.

The Population of

AEDs

Has

Increased Significantly Over the Past 5 Years

Automated External Defibrillator

Milestones

AEDs

Worldwide

4

Hanna, et al. The case for Software Security Evaluations of Medical Devices

1,582,691

1996

1998

2000

2002

2004

2006

2008

First AED with biphasic waveform

First save on US airline

74% survival rate in casinos

75% survival rate in O’Hare Airport

PAD Trial Published

New York requires

AEDs

in public placesSlide5

Our ObjectivesExplore state of AED software security

Examine for standard software security flawsData handling, coding practices, developer assumptionsGive insight into state of medical device software and potential for future abuse5Hanna, et al. The case for Software Security Evaluations of Medical DevicesSlide6

Desirable Medical Device Properties

The device should:Ensure that software running on a system is the image that was verifiedDetect compromiseVerify and authenticate device telemetryBe robust: defenses and updates weighed with risks to patient6

Hanna, et al. The case for Software Security Evaluations of Medical DevicesSlide7

Case Study

Analyzed Cardiac Science G3 Plus model 9390APerformed static reverse engineering using IDA ProAnalyzed: MDLink, AEDUpdate and device firmwareAnalysis using BitBlaze architectureBitFuzz, the dynamic symbolic path exploration toolRemarksProblems likely not isolated to the G3 Plus

Potential for abuse as devices become more connected7

Hanna, et al.

The case for Software Security Evaluations of Medical DevicesSlide8

Vulnerabilities Discovered

AED Firmware - ReplacementAEDUpdate - Buffer overflowAEDUpdate - Plain text user credentialsMDLink - Weak password schemeVulnerabilities were verified on Windows XP SP2.

8Hanna, et al. The case for Software Security Evaluations of Medical DevicesSlide9

Firmware Replacement

Firmware update uses custom CRC to verify firmwareModified firmware, with proper CRC, is accepted by AED and update softwareImpact: Arbitrary firmware

DEVICE COMPROMISED

9

Hanna, et al.

The case for Software Security Evaluations of Medical DevicesSlide10

AEDUpdate Buffer Overflow

During update device handshake, device version number exchangedAEDUpdate improperly assumes valid inputEnables arbitrary code executionData sent from AED can be executed as code on the host PC

10Hanna, et al. The case for Software Security Evaluations of Medical DevicesSlide11

11

Hanna, et al. The case for Software Security Evaluations of Medical DevicesSlide12

Improving Medical Device Securityfor Developers

Lessons and open problems from the CS G3 PlusCryptographically secure device updatesNo security through obscurity, ensures firmware authenticityDevice telemetry verified for integrity and authenticityDefensively assume that data is not trustedPasswords cryptographically secure and easily managed Private data and life critical functionality should be protected by well-established cryptographic algorithms Defenses and updates weighed with risks to patientMedical devices should

fail open12Hanna, et al. The case for Software Security Evaluations of Medical DevicesSlide13

Recommendations

Ensure the update machine is securePhysical isolation, virtual machine for fresh installFollow FDA guidelines and advisoriesRemain vigilantMonitoring physical access, routinely updating afflicted devices, and monitoring advisories released about the device13Hanna, et al. The case for Software Security Evaluations of Medical DevicesSlide14

Final Recommendation

We recommend continued use of AEDs because of their potential to perform lifesaving functions.The attack potential is currently unmeasured and currently, these devices overwhelmingly save more lives than they imperil.

14Hanna, et al. The case for Software Security Evaluations of Medical DevicesSlide15

Thank YouQuestions?

Contact:Steve Hanna (sch@eecs.berkeley.edu)Dawn Song (dawnsong@cs.berkeley.edu) Kevin Fu (kevinfu@cs.umass.edu)secure-medicine.org

15Hanna, et al. The case for Software Security Evaluations of Medical Devices

Take Two Software Updates and See Me in the Morning: - Description

The Case for Software Security Evaluations of Medical Devices Steve Hanna 1 Rolf Rolles 4 Andres MolinaMarkham 2 Pongsin Poosankam 13 Kevin Fu 2 Dawn Song 1 University of California Berkeley ID: 258732 Download Presentation

Similar presentations

Software Updates Zen
Software Updates Zen

Jason Sandys. Principal Consultant. Catapult Systems. UD-B405. Overview. Infrastructure Requirements and Operations. Update Deployment. Client Functionality. User Experience. Dos and Don’ts. Software Update considerations.

Maintaining and Optimizing Windows
Maintaining and Optimizing Windows

Chapter . 15. Maintaining. Windows. Windows Patch Management. Windows Update. Updates are single fixes that come out often. Service packs is a collection of updates plus other items. Windows Update in Vista/7.

ASDA District 10 Conference!
ASDA District 10 Conference!

Las Vegas. February 8-10th, 2013. Purpose of the . District Conference:. Network with members of the other chapters!. Be updated on what is going on in our district & with the chapters. Brainstorm and share ideas for future events and projects.

CIT 1100 Upgrading Software
CIT 1100 Upgrading Software

In this . chapter you . will learn how . to:. Describe . the risks involved with upgrading and not upgrading. Discuss . the process of upgrading software. Explain . steps to take once you've . upgraded.

Software-defined networking:
Software-defined networking:

Change is hard. Ratul Mahajan. with. Chi-Yao Hong, Rohan Gandhi, Xin Jin, Harry Liu,. Vijay Gill, Srikanth Kandula, Mohan Nanduri, Roger Wattenhofer, Ming Zhang. Inter-DC WAN: A critical, expensive resource.

Achieving High Utilization via Software-Driven WAN
Achieving High Utilization via Software-Driven WAN

Inter-DC WAN: A critical, expensive resource. Hong Kong. Seoul. Seattle. Los Angeles. New York. Miami. Dublin. Barcelona. But it is highly inefficient. One . c. ause . of . inefficiency: Lack of coordination.

Monday Morning J. Sebag
Monday Morning J. Sebag

T&S Systems Engineer. Close Past…. 2. M1M3 acceptance and transportation to storage. Reviews and RFPs (Dome, Software, Coating Plant, Mirror Cell). Interfaces Update/Changes (Hardware and Software).

Updates from Lab 4-120
Updates from Lab 4-120

Andrew Peck & . Shayan. . Rastegari. April . 17. , . 2014. Test Stand Software – . vmetst_v7 + . alct_test. Major: Merged the ALCT and TMB/RAT test code.. Eliminated ~10,000 lines of redundant code.

SWAN: Software-driven wide area network
SWAN: Software-driven wide area network

Ratul Mahajan. Partners in crime. Ratul Mahajan. Chi-Yao Hong. Vijay Gill. Srikanth Kandula. Ming Zhang. Roger Wattenhofer. Harry Liu. Xin Jin. Rohan Gandhi. Mohan . Nanduri. . Inter-DC WAN: A critical, expensive resource.

policies. For example, software updates are always free, your satisfac
policies. For example, software updates are always free, your satisfac

Let!s say you want to display a preset psychedelic abstract design. Click the