MCH2022 Curated content

Can’t get you out of my head: Telemetric hacking of medical deep brain stimulators

DNA 🧬
Isabel Straw
Help protect deep brain implants from malicious attacks! Following a case in our own hospital of a patient with a malfunctioning Deep Brain Stimulator (DBS), we want to improve our understanding of these technologies and their susceptibility to malicious hacks. This workshop will describe the medical case of a patient with a failing DBS, we will present the DBS system and we will ask you to hack into it! Help us improve patient neurosecruity by suggesting possible exploits and vulnerabilities.
The security of telemetric medical devices is critical to good patient care [3]. Recent research has described security breaches of implanted medical devices in the context of diabetes (insulin pumps) and cardiology (cardiac defibrillators), however this has not been described in the field of neurology [1-2]. In our workshop we discuss the security vulnerabilities of ‘Deep Brain Stimulator’ (DBS) devices that are currently used in healthcare practice for a range of medical conditions. Our work revolves around a recent clinical case that we encountered in our hospital. A patient presented to our Emergency Department with acute neurological symptoms, which were found to be related to his malfunctioning Deep Brain Stimulator (DBS). As doctors, this was our first encounter with such a case and it posed difficult medical and technological challenges. A number of similar cases, in which patients with malfunctioning DBS devices have presented with abnormal medical symptoms, have been reported in the wider literature. Increasingly, these devices are being monitored remotely by specialists centers and the telemetric nature of these devices leaves them open to malicious hacks. More than 100,000 patients worldwide have received Deep Brain Stimulation (DBS) for neurological conditions. The adoption of ‘neurotechnology’ or ‘brain-computer interfaces’ has increased across the medical domain for neurological conditions (e.g. Parkinsons), but also for ‘emerging indications’ including OCD, Depression and Bipolar disorder. Additionally, beyond the healthcare space, ‘brain chips’ are receiving increasing attention for their promise to enhance cognition, augment reality and manage emotions. Hacking brain stimulators (‘brain jacking’) has so far only been reported in theory [1-3]. Targeted attacks of telemetric DBS devices to affect voltage/current and frequency settings could induce impairment of motor function, alteration of impulse control, induction of pain and manipulation of emotions [1-3]. The ability of hackers to exert malicious control over brain implants has dangerous and potentially life threatening consequences. For our patients and the wider community, we want to understand these threats and develop protective measures to secure the neuro-integrity of our patients. Recognising and responding to hacks of deep brain devices requires an interdisciplinary response. We need data scientists and hackers who understand the vulnerabilities of telemetric systems and potential routes of tech-induced harm. We need medical physicians and neuroanatomists to understand the clinical syndromes that may arise from the intersection of human physiology and digital manipulation. The workshop will start with a presentation describing the medical case of DBS failure. Following this, we invite participants to brainstorm ideas for how a DBS system could be hacked and to consider the ethical issues of this research. We will divide the audience into small groups and ask them to consider the following questions: Questions for workshop participants would include (i) Vulnerabilities: How would you hack a telemetric DBS device? What attacks is it likely to encounter? What are its vulnerabilities? (ii) Defense: What options could improve the security of these devices? (iii) Ethics: What are the arguments for and against these devices being used in healthcare? Following group discussions we will reconvene and share our thoughts and recommendations. We invite people from all disciplinary backgrounds to attend and share their thoughts on potential vulnerabilities and solutions for these systems. **Key References [1] Pycroft, Laurie, et al. ‘Brainjacking: Implant Security Issues in Invasive Neuromodulation’. World Neurosurgery, vol. 92, Aug. 2016, pp. 454–62. ScienceDirect, https://doi.org/10.1016/j.wneu.2016.05.010. [2] Denning, Tamara, et al. ‘Neurosecurity: Security and Privacy for Neural Devices’. Neurosurgical Focus, vol. 27, no. 1, July 2009, p. E7. thejns.org, https://doi.org/10.3171/2009.4.FOCUS0985. [3] Pycroft, Laurie, et al. ‘Brainjacking: Implant Security Issues in Invasive Neuromodulation’. World Neurosurgery, vol. 92, Aug. 2016, pp. 454–62. ScienceDirect, https://doi.org/10.1016/j.wneu.2016.05.010.

Additional information

Type Workshop
Language English

More sessions

7/22/22
MCH2022 Curated content
Elger "Stitch" Jonker
Abacus 🧮
⚠️ Warning! This talk may contain hackers. There may be hackers in the room. There may be hackers surrounding the room. There may be hackers recording this. There may be hackers listening in. There may be hackers that exfiltrate data. There may be hackers wearing shirts. There may be hackers carrying spying devices. OH NO! There are hackers EVERYWHERE! What can we do now, except having a party?
7/22/22
MCH2022 Curated content
Jelle vd ster
Abacus 🧮
What do big tech, synthesizers, the crucifixion and Matthäus Passion have in common? Find the answer in the tech performance The Silicon Passion. We’ve all embraced big tech —but is it a warm hug or a strangulation? Bear witness to a debate of biblical proportions between tech nerds, technology and its users. In The Silicon Passion SETUP, in collaboration with de Transmissie (David Schwarz en Derk Stenvers) and Rodrigo Ferreira, is looking for a way out of the pit that technology has ...
7/22/22
MCH2022 Curated content
Clairvoyance 🔮
Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.
7/22/22
MCH2022 Curated content
Mikko Hypponen
Abacus 🧮
This is a submission for a keynote talk at MCH2022. The Internet is both a familiar, comfortable place as well as a bottomless rabbit hole you can lose yourself in. The Internet has always been like this from its inception, the difference now is the scale and consequences are almost immeasurable - and it tests the limits of human imagination. When you look into the mirror of the Internet what you see reflected back depends on what you are looking for. It has become largely a reflection of ...
7/22/22
MCH2022 Curated content
Battery 🔋
Thanks to DNSSEC and DANE, it is possible to automatically verify user@domain.name identities by checking with domain.name servers. The real problem however, is integration with existing protocols, instead of inventing something completely new and perhaps web-only. The purpose of our work on Realm Crossover mechanisms has been to design generic solutions that extend many different application protocols, without changing their protocol specs.
7/22/22
MCH2022 Curated content
Klaus Agnoletti
Clairvoyance 🔮
Utilizing collaborative security to collect data on attacks we were able to detect Log4J in a quite unusual but effective manner. We'll show you how CrowdSec enables the entire infosec community to stand together by detecting attempts to exploit a critical 0day, reporting them centrally thereby enabling anyone to protect themselves shortly after the vulnerability was made public. The unusual part is that this is done using FOSS software and by analyzing logs of real production systems but in a ...
7/22/22
MCH2022 Curated content
bert hubert
Abacus 🧮
Building on the very well attended DNA presentations ("DNA: The Code Of Life") at SHA2017, this talk will cover: * A brief recap what DNA is and how it works * It is surprisingly digital! * How reading DNA is within 'pro-sumer' reach now * (I might bring a live demo for after the talk) * An overview of DNA editing technologies (offline, and online: on living organisms) * Including the famous CRISPR-CAS, but also newer variants * How does such editing actually work in a lab? * The surprising lack ...