SESSION ID: FLE-F04
What Ails Our Healthcare Systems?
Minatee Mishra, Sr. Group Leader, Product Security, Philips HealthTech (@minatee_mishra)
Jiggyasu Sharma, Technical Specialist, Product Security, Philips HealthTech (@jiggyasu_sharma)
Digital revolution in Healthcare (image courtesy: futureforall.org)
The new medical devices ecosystem [Chart: North America IoT in Healthcare market, in USD billion] (courtesy: www.grandviewresearch.com)
Hackers' favorite target (image courtesy: www.cyberwarzone.com)
Reasons for topping the charts
Healthcare hacks (images courtesy: www.feedmaza.com, media.graytvinc.com, ilookbothways.com)
Case Study 1: Hacking IoT. Goal: get sensitive information.
Case Study 1: Hacking into medical device hardware. Architecture: Medical Device <-> Mobile Application <-> Back End Server
Possible IoT entry points:
- Reconnaissance
- Communication channel
- Communication protocols (custom)
- Application interfaces
- Hardware interfaces
Attack surfaces (for IoT hardware):
- Hardware interfaces: JTAG pins (identified), MCU (identified)
- Firmware: possibly unencrypted file system
- EEPROM (identified): information (patient data, server ID and device ID); credentials (hardcoded credentials and keys)
[Board photo, labelled: JTAG pins, EEPROM, MCU]
Attack scenario:
1. Tap the JTAG port and connect to it to get a shell / debug access.
2. Read the firmware/assembly over JTAG: failed, due to read-out protection.
3. Dump the file system: failed, due to read-out protection.
4. Export information from the file system: failed, due to read-out protection.
5. Update the firmware/file system: failed, due to read-out protection.
6. Read the EEPROM chip directly with an external programmer: success.
Attack impact. Significant findings: sensitive information leaked (patient information); hardcoded keys found on the device.
Demo
Mitigations:
- Encrypt sensitive information at rest. The MCU's read-out protection held, but the EEPROM is a separate chip that any programmer can read, so anything stored on it in cleartext is exposed.
- Never hardcode credentials/keys. A key on the same externally readable chip is recovered together with the data it was meant to protect.
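The two halves of this case study, triaging a dumped chip for cleartext and then storing the record encrypted so the dump yields nothing, as an added example (not code from the talk or from Philips). The EEPROM contents are constructed sample data; the per-device key is assumed to come from a secure element or MCU-internal protected storage, not from the EEPROM itself.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"math"
)

// ShannonEntropy returns the per-byte entropy of b in bits (0..8). ASCII
// records and hex-encoded keys sit around 4-5 bits; ciphertext and raw
// random keys approach 8, which is the first triage signal on a dump.
func ShannonEntropy(b []byte) float64 {
	if len(b) == 0 {
		return 0
	}
	var counts [256]int
	for _, c := range b {
		counts[c]++
	}
	h, n := 0.0, float64(len(b))
	for _, c := range counts {
		if c > 0 {
			p := float64(c) / n
			h -= p * math.Log2(p)
		}
	}
	return h
}

// CleartextStrings returns every run of at least minLen printable ASCII
// bytes: what `strings` shows on a chip image read out with a programmer.
func CleartextStrings(dump []byte, minLen int) []string {
	var out []string
	start := -1
	for i, c := range dump {
		printable := c >= 0x20 && c <= 0x7e
		if printable && start < 0 {
			start = i
		} else if !printable && start >= 0 {
			if i-start >= minLen {
				out = append(out, string(dump[start:i]))
			}
			start = -1
		}
	}
	if start >= 0 && len(dump)-start >= minLen {
		out = append(out, string(dump[start:]))
	}
	return out
}

// SealRecord encrypts a record with AES-256-GCM under a per-device key.
// Output: 12-byte random nonce || ciphertext || 16-byte tag, so a record
// modified on the chip fails authentication when the device reads it back.
// On real hardware the key must live in a secure element or MCU-internal
// protected storage (assumption), never in the same externally readable EEPROM.
func SealRecord(key, record []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, record, nil), nil
}

// Constructed sample contents of an unencrypted EEPROM (not a real dump):
// a patient record with server/device IDs, and an API key stored as ASCII.
var (
	PatientRecord = []byte("PATIENT=JOHN DOE;MRN=000123;DOB=1970-01-01;SERVER=srv-01;DEVICE=dev-42")
	HardcodedKey  = []byte("API_KEY=7f3a9c1d5e2b4a6f8c0d1e2f3a4b5c6d")
)

// BuildDump lays fields out with erased/padding bytes between them.
func BuildDump(fields ...[]byte) []byte {
	var dump []byte
	for _, f := range fields {
		dump = append(dump, f...)
		dump = append(dump, 0x00, 0xff, 0x00, 0xff)
	}
	return dump
}
```

Running CleartextStrings over BuildDump(PatientRecord, HardcodedKey) returns both the record and the key, which is the finding on the impact slide. After SealRecord, the record region of the dump yields no printable run and its entropy rises from roughly 4.5 to over 6 bits per byte, but the ASCII key still shows up unchanged: encryption at rest fixes the first finding only, which is why the second mitigation is listed separately.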
Case Study 2: Rogue Bluetooth. Goal: manipulate data from the device.
Rogue Bluetooth device. Architecture: IoT Device <-> Mobile Application <-> Back End Server
Attack surfaces (for Bluetooth):
- Pairing mechanism
- MitM attack
- Exposed services
Attack scenario:
1. Discover the Bluetooth device to attack.
2. Enumerate the device's GATT services and characteristics.
3. Connect to the device and read the characteristics.
4. Modify the characteristic values (writable characteristics accepted writes from an unpaired, unauthenticated client).
Attack impact:
- DoS the Bluetooth device
- Sniff information through the characteristics
- Connect to, control and command the Bluetooth device
Demo
Mitigations: secure configuration. Concretely, do not expose writable (or sensitive readable) characteristics to any central that connects: require an encrypted link established by authenticated pairing (passkey or OOB, not Just Works) before such characteristics can be read or written, and bond only with the intended phone.
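What "secure configuration" means at the GATT level, as an added example that is not from the talk: a model of the server-side check an ATT Write Request goes through, with a hypothetical "setpoint" characteristic in the open configuration the rogue client abuses and in the hardened one. The security levels and ATT error codes are the ones defined in the Bluetooth Core Specification; the characteristic and its values are made up.

```go
package main

// LinkSecurity is the LE security level of the current connection
// (Bluetooth Core Spec, LE Security Mode 1, levels 1-4).
type LinkSecurity int

const (
	NoSecurity          LinkSecurity = 1 // no encryption, no authentication
	UnauthenticatedEnc  LinkSecurity = 2 // encrypted after Just Works pairing (no MITM protection)
	AuthenticatedEnc    LinkSecurity = 3 // encrypted after authenticated pairing (passkey/OOB)
	AuthenticatedSecure LinkSecurity = 4 // authenticated LE Secure Connections
)

// ATT error codes from the Core Spec attribute protocol error table.
const (
	AttSuccess                    byte = 0x00
	AttWriteNotPermitted          byte = 0x03
	AttInsufficientAuthentication byte = 0x05
	AttInsufficientEncryption     byte = 0x0F
)

// Characteristic models the write permissions of one GATT characteristic.
type Characteristic struct {
	Name        string
	Value       []byte
	Writable    bool
	RequireEnc  bool // writes need an encrypted link
	RequireAuth bool // writes need an authenticated (MITM-protected) pairing
}

// HandleWrite is the server-side decision for an ATT Write Request.
// Which of the two "insufficient" codes a given stack returns for a plain
// unencrypted link varies between implementations; what matters for the
// device is that the value is left unchanged.
func (c *Characteristic) HandleWrite(link LinkSecurity, value []byte) byte {
	if !c.Writable {
		return AttWriteNotPermitted
	}
	if c.RequireAuth && link < AuthenticatedEnc {
		return AttInsufficientAuthentication
	}
	if c.RequireEnc && link < UnauthenticatedEnc {
		return AttInsufficientEncryption
	}
	c.Value = append([]byte(nil), value...)
	return AttSuccess
}

// OpenSetpoint is the hypothetical characteristic as the rogue client found
// it: any central that connects may write it.
func OpenSetpoint() *Characteristic {
	return &Characteristic{Name: "setpoint", Value: []byte{0x10}, Writable: true}
}

// HardenedSetpoint is the same characteristic in the secure configuration:
// writes only over an encrypted link set up by authenticated pairing.
func HardenedSetpoint() *Characteristic {
	return &Characteristic{Name: "setpoint", Value: []byte{0x10}, Writable: true,
		RequireEnc: true, RequireAuth: true}
}

// RogueWrite replays step 4 of the attack scenario: connect without pairing
// and try to overwrite the value. Returns the ATT status and the value afterwards.
func RogueWrite(c *Characteristic) (byte, []byte) {
	status := c.HandleWrite(NoSecurity, []byte{0xff})
	return status, c.Value
}
```

Against OpenSetpoint the rogue write returns 0x00 and the value becomes 0xff; against HardenedSetpoint it returns 0x05 and the value stays 0x10, and a Just Works pairing (level 2) is still rejected because that pairing is not MITM-protected. In firmware these two flags map onto the characteristic's permission bits, for example Zephyr's BT_GATT_PERM_WRITE_ENCRYPT / BT_GATT_PERM_WRITE_AUTHEN or BlueZ's "encrypt-write" / "encrypt-authenticated-write" characteristic flags.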
Case Study 3: Mobile app and backend server hacking. Goal: backend server takeover.
Case Study 3: Compromising the server through the mobile app. Architecture: Medical Device <-> Mobile Application <-> Back End Server
Attack surfaces (for the mobile application and backend server):
- Mobile application: insecure data storage; broken cryptography; hardcoded secrets (credentials/keys/IP addresses)...
- Server: open ports and services; weak authentication; injection attacks; vulnerable services...
Attack scenario:
1. Reverse engineer the mobile application.
2. Find the server-related information in it.
3. Find the services used to communicate with the server.
4. Exploit the vulnerable services on the server.
5. Server takeover. Game over!
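Steps 1 and 2 in practice are a text search over the decoded app (apktool or jadx output) for endpoints and anything that looks like a baked-in credential. The scanner below is an added example, not the presenters' tooling; the decoded resources it runs on are constructed and refer to no real application or host.

```go
package main

import "regexp"

// Finding is one piece of server-related information recovered from the
// decoded app.
type Finding struct {
	Kind  string
	Value string
}

// Patterns a reviewer greps for first: where the app talks to, and
// anything that looks like a hardcoded secret. Starting points, not a
// complete list.
var secretPatterns = []struct {
	kind string
	re   *regexp.Regexp
}{
	{"url", regexp.MustCompile(`https?://[^\s"'<>]+`)},
	{"ip:port", regexp.MustCompile(`\b\d{1,3}(?:\.\d{1,3}){3}(?::\d{1,5})?\b`)},
	{"user:pass", regexp.MustCompile(`"([A-Za-z0-9_.-]+:[^"\s]{6,})"`)},
	{"hex-key", regexp.MustCompile(`\b[0-9a-fA-F]{32,}\b`)},
}

// ScanDecodedApp returns every match, in pattern order then source order.
func ScanDecodedApp(src string) []Finding {
	var out []Finding
	for _, p := range secretPatterns {
		for _, m := range p.re.FindAllStringSubmatch(src, -1) {
			v := m[0]
			if len(m) > 1 {
				v = m[1] // user:pass captures the literal without its quotes
			}
			out = append(out, Finding{Kind: p.kind, Value: v})
		}
	}
	return out
}

// SampleDecodedApp is a constructed mix of strings.xml and smali lines,
// not taken from any real app.
const SampleDecodedApp = `<string name="app_name">CareMonitor</string>
<string name="api_base">https://api.example-health.test:8443/v1/</string>
<string name="legacy_host">10.0.12.7:22</string>
<string name="support_email">support@example-health.test</string>
const-string v0, "admin:Passw0rd!"
const-string v1, "x-api-key: 9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c"
`
```

On the sample this yields the API base URL, a host with an SSH port, a user:password literal and a 32-hex-digit key, which is exactly the material step 3 builds on. Every hit needs manual confirmation (test fixtures and example URLs match the same patterns), but in a real review the hardcoded credential and the reachable management port are what turn "find the services" into "exploit the services".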
Attack impact: the server is taken over by the attacker, and the possibilities are plenty:
- A whole family of devices can be compromised over the internet
- Risk to the whole network
- Backdoors can be installed
- Malware/ransomware can be planted
- Access to the whole database of sensitive information...
Demo
Mitigations:
- Encrypt sensitive information
- Never hardcode credentials/keys
- Patch systems
What should device manufacturers do?
What should device manufacturers do? Development.
The 3 deadly sins:
- Default or hardcoded credentials/keys
- No or improper patch strategy
- No encryption at rest and in transit
The virtue: no system can be perfect, BUT make the update strategy fool-proof. Support secure update, and digitally sign the upgrade package so that a device installs only packages produced by the manufacturer and rejects anything modified in transit.
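The virtue in working form, as an added example that is not from the talk: an update package whose manifest (version plus hash of the image) is signed with Ed25519 on the manufacturer's build system, and the device-side gate that verifies it before anything touches flash. The manifest layout and the package structure are hypothetical; the signing and hashing calls are Go's standard library.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Manifest is the signed header of an update package (hypothetical layout):
// version || SHA-256 of the image. Because the signature covers the hash
// and the version together, an attacker can neither swap the image nor
// re-label an old, vulnerable build as a newer one.
type Manifest struct {
	Version   uint32
	ImageHash [sha256.Size]byte
}

// Bytes is the canonical encoding that gets signed.
func (m Manifest) Bytes() []byte {
	buf := make([]byte, 4+sha256.Size)
	binary.BigEndian.PutUint32(buf, m.Version)
	copy(buf[4:], m.ImageHash[:])
	return buf
}

// Package is what the device receives over the update channel.
type Package struct {
	Manifest  Manifest
	Signature []byte // Ed25519 over Manifest.Bytes()
	Image     []byte
}

// SignPackage runs on the manufacturer's build system. The private key
// stays there; it is never shipped on the device.
func SignPackage(priv ed25519.PrivateKey, version uint32, image []byte) Package {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	return Package{Manifest: m, Signature: ed25519.Sign(priv, m.Bytes()), Image: image}
}

var (
	ErrBadSignature = errors.New("update rejected: manifest signature invalid")
	ErrBadImage     = errors.New("update rejected: image hash does not match manifest")
	ErrRollback     = errors.New("update rejected: version is not newer than installed")
)

// VerifyPackage is the device-side gate before anything is written to
// flash. Only the manufacturer's public key is provisioned on the device.
// The signature is checked first so that no unsigned data influences the
// later decisions.
func VerifyPackage(pub ed25519.PublicKey, installed uint32, p Package) error {
	if !ed25519.Verify(pub, p.Manifest.Bytes(), p.Signature) {
		return ErrBadSignature
	}
	sum := sha256.Sum256(p.Image)
	if !bytes.Equal(sum[:], p.Manifest.ImageHash[:]) {
		return ErrBadImage
	}
	if p.Manifest.Version <= installed {
		return ErrRollback
	}
	return nil
}
```

A package with a swapped image fails on the hash, a package whose version field was edited fails on the signature (the signature covers the version), and a genuine but older package fails the rollback check, which is what keeps an attacker from re-installing a build with a known, patched vulnerability. On a real device the installed-version counter itself has to be stored where a programmer cannot rewind it, for the same reason as the key in case study 1.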
What should device manufacturers do? Process.
- Security governance and management
- Risk management framework
- Training and awareness
- Vendor management
- Secure development
- Incident management
- Post-market surveillance
- Responsible disclosure
Takeaways:
- The healthcare ecosystem is getting connected and pervasive.
- Healthcare is a top target of hackers.
- Secure the ecosystem: secure the entire chain, from the IoT device through the mobile app to the backend server.
- Remember the 3 deadly sins and the virtue.
- Security governance and management.
Food for thought? Hacking in progress (image courtesy: www.maximintegrated.com)
Special thanks: Android apps: Kartik Lalan, Philips. Bluetooth device: P.N. Aravinda, Philips. Security Center of Excellence, Philips HealthTech.
Questions? THANK YOU