DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Secure software updates: disappointments and new challenges
HOTSEC'06 Proceedings of the 1st USENIX Workshop on Hot Topics in Security
Security and Privacy for Implantable Medical Devices
IEEE Pervasive Computing
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Input generation via decomposition and re-stitching: finding bugs in Malware
Proceedings of the 17th ACM conference on Computer and communications security
Secure data management in trusted computing
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Hi-index | 0.00 |
Medical devices used for critical care are becoming increasingly reliant on software; however, little is understood about the security vulnerabilities facing medical devices and their software. To investigate this open question, we analyze the security of software that controls a modern Automated External Defibrillator (AED) used for treating cardiac arrhythmias. This report represents the first public embedded software security analysis of a medical device. We identify several software security vulnerabilities and discuss key insights and open challenges in improving software-controlled medical devices to be resistant to malware. We found the AED would accept counterfeit firmware updates. We did not locate any standard cryptographic controls. We conclude with recommendations and open challenges in securing medical devices.