Take two software updates and see me in the morning: the case for software security evaluations of medical devices
2011
Medical devices used for critical care are becoming increasingly reliant on software; however, little is understood about the security vulnerabilities facing medical devices and their software. To investigate this open question, we analyze the security of software that controls a modern Automated External Defibrillator (AED) used for treating cardiac arrhythmias. This report represents the first public embedded software security analysis of a medical device. We identify several software security vulnerabilities and discuss key insights and open challenges in improving software-controlled medical devices to be resistant to malware. We found the AED would accept counterfeit firmware updates. We did not locate any standard cryptographic controls. We conclude with recommendations and open challenges in securing medical devices.
Keywords:
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
12
References
54
Citations
NaN
KQI