Security analysis of implantable medical

devices

Recently, wireless systems have become an intrinsic part of many modern medical devices. In par-
ticular, implantable medical devices, including devices such as pacemakers, cardiac defibrillators,
insulin pumps, etc., all have a wireless communication module. Adding wireless connectivity to
these medical implants has enabled various services. For example, these devices can be used to
remotely monitor the vital signs of patients.
However, recent work has shown that such wireless connectivity can be exploited to compromise
the confidentiality of the data transmitted by the medical devices, and even worse, to send unau-
thorized commands to the implantable medical devices. This entails an important security risk,
since these commands could for example deliver electric shocks to the patient, play irritating
sounds in the cochlear implant, change the insulin dosage, etc. In the worst case, these attacks
could even seriously harm the patients health, and potentially be life-threatening.
In this thesis, the most recent attacks in this research domain will be studied. Next, the student
will analyze and test if these can be carried out on one of the recent models of wireless implants
(the exact choice of the implant will be made at the start of the thesis). The main goal is to
evaluate if these attacks are feasible on the implant that will be studied. The student should
have a very strong background in telecommunications, and should be willing to mainly perform
practical hands-on work, including reverse engineering of existing medical systems.

Practicalities
Promotor: Bart Preneel
Ingrid Verbauwhede
Daily supervision: Dave Singelee Dave.Singelee@esat.kuleuven.be office 01.53
Eduard Marin Eduard.Marin@esat.kuleuven.be office 01.53
Nature of the work: 20% literature, 20% theoretical work, 60% hardware/software
Number of students: 1 or 2

Master thesis proposal

c 2014-2015 COSIC