Niki Arrowsmith04.25.12
Researchers Anand Raghunathan, Ph.D., and Niraj Jha, Ph.D., are the brainchildren behind MedMon, a new medical device hacking firewall prototype that has the industry buzzing. Though the mainstream news sources are hailing MedMon as the new device that will end hacking, the truth is the device is still in its beginning stages. In October 2011, news broke that security software company McAfee had exposed a weakness in a Medtronic insulin pump by “ethically hacking” the device, specifically to demonstrate that it could be done. The potential for malicious hacking of life-sustaining devices is too high to be ignored, which has prompted close review of such devices. With MedMon, the hope is that there is a solution to the malicious remote manipulation of vulnerable devices. Researchers Raghunathan and Jha were kind enough to sit down with Medical Product Outsourcing to give an inside look at the device.
Raghunathan is a professor of electrical and computer engineering at Purdue University, West Lafayette, Ind. Also a senior researcher at NEC Laboratories America in Princeton, N.J., he leads research efforts on advanced system-on-chip and embedded system architectures and design methodologies. He also held a visiting professorial position at Princeton University's Department of Electrical Engineering. He earned his bachelor’s degree in electrical and electronics engineering from the Indian Institute of Technology in Madras, India, and his master’s and doctoral degrees in electrical engineering from Princeton University.
Jha is a professor of electrical engineering at Princeton University, where his interest in biological and biomedical engineering drew him to this project. He earned his bachelor’s degree in electronics and electrical communication engineering from the Indian Institute of Technology in Kharagpur, India, his master’s degree in electrical engineering from the State University of New York at StonyBrook, and his Ph.D. in the same at the University of Illinois at Urbana-Champaign.
Medical Product Outsourcing: Can you tell me about the prototype? Could you explain in lay terms how it works?
MedMon is a device that monitors all communication packets that go into or out of a medical device. It analyzes the characteristics of the wireless signal, as well as the contents of the communication packets, to identify packets that potentially represent malicious activity. When such packets are detected, MedMon can take actions such as alerting the user or jamming the packets in order to ensure that they do not reach the target device. At a high level, one could draw an analogy between MedMon and network firewalls that are used to protect home and corporate computer networks; however, the information and algorithms used in MedMon are very different.
MPO: What interested you in and drew your attention to medical device security?
We, and other researchers, have previously demonstrated attacks on medical devices in the lab using inexpensive, off-the-shelf equipment. Although we are unaware of such attacks in the real world, we felt that it would be important to address them before they get translated from the lab into practice.
MPO: A provisional patent has been filed on the concept; when do you foresee your prototype materializing into a usable product?
We are still at a fairly early stage in the process. We have a functional prototype in the lab that has shown promise in detecting many wireless attacks. However, challenges such as size, weight, and battery life need to be addressed in order to make the system portable. Once a usable prototype is developed, regulatory approval will still be necessary before the technology can make it into the hands of users.
Raghunathan is a professor of electrical and computer engineering at Purdue University, West Lafayette, Ind. Also a senior researcher at NEC Laboratories America in Princeton, N.J., he leads research efforts on advanced system-on-chip and embedded system architectures and design methodologies. He also held a visiting professorial position at Princeton University's Department of Electrical Engineering. He earned his bachelor’s degree in electrical and electronics engineering from the Indian Institute of Technology in Madras, India, and his master’s and doctoral degrees in electrical engineering from Princeton University.
Jha is a professor of electrical engineering at Princeton University, where his interest in biological and biomedical engineering drew him to this project. He earned his bachelor’s degree in electronics and electrical communication engineering from the Indian Institute of Technology in Kharagpur, India, his master’s degree in electrical engineering from the State University of New York at StonyBrook, and his Ph.D. in the same at the University of Illinois at Urbana-Champaign.
Medical Product Outsourcing: Can you tell me about the prototype? Could you explain in lay terms how it works?
MedMon is a device that monitors all communication packets that go into or out of a medical device. It analyzes the characteristics of the wireless signal, as well as the contents of the communication packets, to identify packets that potentially represent malicious activity. When such packets are detected, MedMon can take actions such as alerting the user or jamming the packets in order to ensure that they do not reach the target device. At a high level, one could draw an analogy between MedMon and network firewalls that are used to protect home and corporate computer networks; however, the information and algorithms used in MedMon are very different.
MPO: What interested you in and drew your attention to medical device security?
We, and other researchers, have previously demonstrated attacks on medical devices in the lab using inexpensive, off-the-shelf equipment. Although we are unaware of such attacks in the real world, we felt that it would be important to address them before they get translated from the lab into practice.
MPO: A provisional patent has been filed on the concept; when do you foresee your prototype materializing into a usable product?
We are still at a fairly early stage in the process. We have a functional prototype in the lab that has shown promise in detecting many wireless attacks. However, challenges such as size, weight, and battery life need to be addressed in order to make the system portable. Once a usable prototype is developed, regulatory approval will still be necessary before the technology can make it into the hands of users.