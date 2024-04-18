from the brains-need-an-update-Tuesday dept.
A team of academic security researchers from KU Leuwen, Belgium, have discovered that medical implants like electrical brain implants are quite insecure devices because these have defected [sic] wireless interfaces.
Researchers identified that the security factor of these devices is pretty weak; the defects in their wireless interfaces can allow attackers obtain sensitive neurological data, administer shocks and intercept confidential medical data, which gets transmitted between the implant and the connected devices that are responsible for controlling, updating and reading it.
[...] By hacking neurostimulators, an attacker can cause irreversible damage to the patients by preventing them from speaking or moving. The hacking may also prove to be life-threatening, wrote the Belgian researchers in their paper that provide details about the research findings.
Source: Hackread
The research paper in PDF form. [DOI: 10.1145/3176258.3176310]
From the abstract:
Implantable medical devices (IMDs) typically rely on proprietary protocols to wirelessly communicate with external device programmers. In this paper, we fully reverse engineer the proprietary protocol between a device programmer and a widely used commercial neurostimulator from one of the leading IMD manufacturers. For the reverse engineering, we follow a black-box approach and use inexpensive hardware equipment. We document the message format and the protocol state-machine, and show that the transmissions sent over the air are neither encrypted nor authenticated. Furthermore, we conduct several software radio-based attacks that could compromise the safety and privacy of patients, and investigate the feasibility of performing these attacks in real scenarios.
(Score: 2) by crafoo on Tuesday April 24, @03:15PM
I guess I expected much more care to be taken in wireless signals transmitted to something that directly affects a patient's brain operation. In a world where Hollywood movies are protected by the best encryption available, and publishers are demanding end-to-end encryption of digital signals to play back their entertainment.. brain interface devices are wide open, without even authentication of the signal's origin? What a strange world.