What Ails Our Healthcare Systems?

Transcription

1 SESSION ID: FLE-F04 What Ails Our Healthcare Systems? Minatee Mishra Sr. Group Leader Product Security, Philips Jiggyasu Sharma Technical Specialist Product Security, Philips

2 Digital revolution in Healthcare Courtesy: futureforall.org 2

3 The new medical devices ecosystem North America IoT in Healthcare Market, in (USD Billion) Courtesy: 3

4 Hacker s favorite target Courtesy: 4

5 Reasons for the topping the charts 5

6 Healthcare Hacks Courtesy: media.graytvinc.com, ilookbothways.com 6

7 Case Studies Case Study 1: Hacking IoT. Goal : Get sensitive information.

8 Case Study: 1 Hacking into Medical device hardware Architecture: Medical Device Mobile Application Back End Server 8

9 IoT possible entry points: Reconnaissance Communication Channel Communication Protocols CUSTOM Application Interfaces Hardware Interfaces 9

10 Attack surfaces (for IoT Hardware) Hardware interfaces JTAG pins (Identified) MCU (Identified) Firmware Possibly unencrypted file system EEPROM (Identified) Information (Patient data, Server ID & Device ID) Credentials (Hardcoded Credentials and Keys) JTAG Pins EEPROM MCU 10

11 Attack Scenario Tapping through ports (JTAG) Getting a Shell/ Connect to port through (JTAG) Reading the Firmware/Assembly Failed: Due to read out protection Dumping the file system Failed: Due to read out protection Exporting information from file system Failed: Due to read out protection Updating the Firmware/file system Failed: Due to read out protection Reading the EEPROM chip Read through programmers Success 11

12 Attack Impact Significant findings: Sensitive information leaked (patient information) Hardcoded Keys found on the device 12

13 Demo 13

14 Mitigations Encrypt sensitive information Never hardcode credentials/keys 14

15 Case Studies Case Study 2: Rogue Bluetooth. Goal: Manipulate data from the device.

16 Rogue Bluetooth device Architecture: IoT Device Mobile Application Back End Server 16

17 Attack surfaces ( for Bluetooth) Pairing mechanism MitM attack Exposed services 17

18 Attack Scenario Discover the Bluetooth device to attack Tap into GATT interface of device Connect to device and read characteristics Modify the characteristics value 18

19 Attack Impact DoS the Bluetooth device Sniff the information through Characteristics Connect, control and command the Bluetooth device 19

20 Demo 20

21 Mitigations Secure configuration 21

22 Case Studies Case Study 3: Mobile App and Backend Server hacking. Goal : Backend server takeover.

23 Case Study: 3 Compromising Server through Mobile App Architecture: Medical Device Mobile Application Back End Server 23

24 Attack surfaces (for Mobile Application & Backend Server) Mobile Application Insecure data storage Broken Cryptography Hardcoded secrets (credentials/keys/ip ).. Server ports and services Weak authentication Injection attacks Vulnerable services.. 24

25 Attack Scenario Reverse engineering the mobile application Find the server related information Find the services to communicate to server Exploit the vulnerable services on server Server take over Game Over!! 25

26 Attack Impact Server take over by the attacker Possibilities are plenty Family of Devices can be compromised over the internet Risk to the whole network Backdoors can be installed Malware/Ransomware can be planted Access to the whole database of sensitive information... 26

27 Demo 27

28 Mitigations Encrypt sensitive information Never hardcode credentials/keys Patch systems 28

29 What Device Manufacturer should do?

30 What Device Manufacturer should do? Development The 3 deadly sins: Default or hardcoded credentials/keys. None/improper patch strategy No encryption at rest and transit. The Virtue: No system can be perfect BUT remember to make the update strategy fool proof. During update ensure to support Secure update. Digitally sign the upgrade package. 30

31 What Device Manufacturer should do? Process Security Governance and Management Risk Management Framework Training and Awareness Vendor Management Secure Development Incident Management Post Market Surveillance Responsible Disclosure 31

32 Takeaways Healthcare ecosystem is getting connected and pervasive. Healthcare is a top target of hackers. Secure the ecosystem: secure the entire chain from the IoT to the backend server. Remember the 3 deadly sins and a virtue. Security Governance and management 32

33 Food for thought? Hacking in Progress Courtesy: 33

34 Special Thanks Android apps: Kartik Lalan, Philips. Bluetooth Device: P.N. Aravinda, Philips. Security Center of Excellence, Philips HealthTech. 34

35 Questions THANK YOU 35