Wireless control is becoming standard in a wide range of devices, from simple garage doors and car keys to life saving medical devices. The potential danger behind the radio controlled gadgets resides in their vulnerability to cyber attacks and potential misuse, which can do more harm than good to the unsuspecting victim.
Medical wireless sensors are expected to send information to a hub which converts it to a predefined form and stores it in a computer for further analysis. Sometimes the sensor has an attached processor which shortens the route and sends already processed info. The problem with such devices resides in the balance between size, usability and security. A study from 2011 clearly states this problem:
“ […] traditional security mechanisms needed unlimited resources, so they cannot be directly applied to the extremely resource-constrained sensor nodes. While WMSNs’ security requirements are the same as those of traditional networks, namely availability, confidentiality, integrity, authentication, data freshness and non-repudiations, thus resource conscious security protocols have emerged as one of the critical issue in healthcare applications using wireless medical sensor networks.”
Most research on these devices has been focused on enhancing the features, without too much concern about malicious use or eavesdropping. Recent tests and events have uncovered potential life and reputation threatening problems with insufficiently secured wireless capable gadgets.
It has been shown that wireless mice could act as access gates into computers through their dongle which can be easily hijacked and used as an external keyboard by a hacker. This is exactly what gave a programmer, Christian Rouland a bright idea to test security:
“No one was looking at the air space. So I wanted to build this cyber x-ray vision to be able to see what was inside a corporation’s air space versus what was just plugged into the wired network or what was on a Wifi hotspot.”
In the same manner, a medical wireless device could be hacked and the information downloaded and either changed, endangering the life of the patient (such as in the case of a pacemaker or an insulin pump) or released to whoever might be concerned such as insurance brokers, television stations if the person is a public figure or even the employer.
This is a risk most patients are not warned about, as medical staff is usually only telling them the secondary effects of treatments, not of being subject to potential technology attacks. Research shows that:
“Cyber actors will likely increase cyber intrusions against health care systems – to include medical devices – due to mandatory transition from paper to electronic health records (EHR), lax cybersecurity standards, and a higher financial payout for medical records in the black market.
Recognition of the increasing vulnerability of medical networks, as well as medical devices connected to these networks, is reflected in the revisions to the international standard International Organization for Standardization (ISO)/IEC 27000-series.”
The future solutions will require increased security options, integrated in a device that has cyber options similar to laptops and desktops. At least standard WEP and WPA security is required and as technology makes further steps medical devices should keep up, imposing similar standards to those offered by banks, since the sensitivity of the information is similar or higher. When asked by available options at the moment, a company providing Wireless DAQ – explained that their device can connect to multiple sensors and experiments at the same time and store all the gathered data locally on the device. This minimizes the risk of data getting on the wrong hands, but caution is still advisable. They claim that in this case, the security is as strong as the network and wireless infrastructure existing in the facility where the device is installed.