Using Power Analysis to Spot Hacked Implants (and Wikileaks, hacktivism)

We’ve heard a fair bit about the potential dangers of medical malware… visions of a virus getting uploaded to a pacemaker-programmer in one major-city hospital, then spreading programmer-to-pacemaker-to-programmer across the world as patients travel and get their tickers tuned in different places… before Z-day happens and everyone keels over unless one, no, ONE HUNDRED MEEELION DOLLARS gets delivered to a bald guy in a funny suit.

Researchers have figured out one potential way to stop, or at least spot, such an eventuality before the midget meets the laser.

Since medical devices aren’t really supposed to change, it’s possible to look at the power consumption of a given device and develop profiles. If you change the code, you change the power consumption patterns.

By watching power consumption across a large population of devices, you can spot alterations… without uploading any custom anti-virus software to the device itself. That’s key, since any officially installed software has to go through all kinds of approval. And most people don’t want to go to the hospital just because their pacemaker needs a software upgrade, anyway.

(Most people can’t be bothered to click the “update” button on their freaking laptops!)

Wikileaks gets the Funniest Headline of the Day award, with a press release announcing that “Wikileaks Launches Criminal Investigation.” No word yet on the possibility of a sealed Wikileaks indictment against Obama. The 180-odd page Assange statement is an interesting read, and a decent catalog of the *official* hurdles anyone ought to plan on overcoming if they really want to mess with the system.

Nevertheless I have difficulty working up too much sympathy for the purloined luggage — a train trip from Stockholm to Berlin is 12 hours, with onboard Wifi and power, and you need never lose control of your luggage. Frankly if it was customary for him to bag-check sensitive data carriers, it’s safe to assume everything was surreptitiously copied & bugged much earlier in the game!

Hacktivism isn’t necessarily what it seems… a convicted Anonymous/LulzSec hacker has stated that he and others were unwitting cats’ paws for the US government, used to do illegal things:

“Hospital rooms beep and flash with many devices that are increasingly getting infected with malware (see “Computer Viruses Are ‘Rampant’ on Medical Devices in Hospitals”). But for several reasons, these gadgets are often incompatible with commercial security software.

Now, new technology developed by academic researchers could catch most malware on the devices just by noting subtle changes in their power consumption. This could give hospitals a quick way to spot equipment with dangerous vulnerabilities and take the machines offline. The technology could also apply to computer workstations used in industrial control settings such as power plants.

The system, dubbed WattsUpDoc, is based on work involving Kevin Fu, who heads a research group on medical-device security at the University of Michigan and has uncovered several vulnerabilities in medical equipment. The research group tested WattsUpDoc on an industrial-control workstation and on a compounder, a machine commonly used in hospitals to mix drugs. In both cases the devices ran on modified versions of the Windows operating system.

The malware detector first learned the devices’ normal power-consumption patterns. Then it was tested on machines deliberately infected with malware. It was able to detect abnormal activity more than 94 percent of the time when it had been trained to recognize that malware, and between 84 and 91 percent of the time with previously unseen malware.

The technology, which is scheduled to be presented at a conference next week, “highlights a novel way of monitoring,” says John Halamka, CIO of Beth Israel Deaconess Medical Center in Boston.”

%d bloggers like this: