Internet of Medical Things Security Research

Our PURM summer research consisted of two parts: IoMT (Internet of Medical Things) security research and hacking, and the development of BoxNet, an IoT security hub. The goal of the first part was to learn more about the networking protocols that enable the Internet of Medical Things in order to determine potential vulnerabilities or attack vectors that might be used to undermine them and leak patient data. This meant investigating 802.11 WiFi traffic, as well as Bluetooth Low Energy (BLE) traffic, to determine what data is being sent from a variety of devices and what methods of encryption are used. The devices we investigated included Dexcom and Medtronic continuous glucose monitoring (CGM) devices intended for personal use that communicate with a smartphone app via BLE, as well as PoC glucometers that communicate with hospital middleware via WiFi. While we didn’t find any zero-day vulnerabilities, the investigation process provided valuable insight into how the Internet of Medical Things works, and how it would be best secured in both the home and the hospital.

The second half of our project focused on the development on an Internet of Things (IoT) security hub meant to combat dangerous IoT specific threats, such as botnets. Botnets are a form of malware that scan and install themselves on simple, cheap, and insecure IoT devices. Once infected, the malware connects to a command-and-control server managed by the malware author, who now controls the infected devices and can carry out further attacks with them. Botnets have been used in record-breaking DDoS attacks, which leveraged hundreds of thousands of cheap IoT devices connected to the internet to attack a particular target website and overflow that target with dummy web traffic.

BoxNet aims to combat this by identifying and securing potentially vulnerable IoT devices on a local-area network (LAN). This is particularly useful in hospitals, clinics, or in-home medical setups that have many IoMT devices on the same network. By identifying IoT devices on a network, scanning each device for open ports/services, and checking for common vulnerabilities such as default credentials, BoxNet serves as a tool to quickly and easily ensure that any potentially insecure IoT device on a network is protected from the most common threats. Furthermore, BoxNet monitors LAN traffic, logging packet data and checking for traffic from blacklisted sources.

Through researching actual medical devices and working with hospital technicians, we were able to witness and learn a lot about how these medical devices are actually used in the field and where potential attack surfaces exist. This helped drive development of BoxNet, as we better understood the workings of IoT devices and the most common vulnerabilities we needed to protect against. Building a security platform like this from scratch this summer was a challenging and rewarding experience, and we look forward to further development.

Our PURM summer research consisted of two parts: IoMT (Internet of Medical Things) security research and hacking, and the development of BoxNet, an IoT security hub. The goal of the first part was to learn more about the networking protocols that enable the Internet of Medical Things in order to determine potential vulnerabilities or attack vectors that might be used to undermine them and leak patient data. This meant investigating 802.11 WiFi traffic, as well as Bluetooth Low Energy (BLE) traffic, to determine what data is being sent from a variety of devices and what methods of encryption are used. The devices we investigated included Dexcom and Medtronic continuous glucose monitoring (CGM) devices intended for personal use that communicate with a smartphone app via BLE, as well as PoC glucometers that communicate with hospital middleware via WiFi. While we didn’t find any zero-day vulnerabilities, the investigation process provided valuable insight into how the Internet of Medical Things works, and how it would be best secured in both the home and the hospital.

The second half of our project focused on the development on an Internet of Things (IoT) security hub meant to combat dangerous IoT specific threats, such as botnets. Botnets are a form of malware that scan and install themselves on simple, cheap, and insecure IoT devices. Once infected, the malware connects to a command-and-control server managed by the malware author, who now controls the infected devices and can carry out further attacks with them. Botnets have been used in record-breaking DDoS attacks, which leveraged hundreds of thousands of cheap IoT devices connected to the internet to attack a particular target website and overflow that target with dummy web traffic.

BoxNet aims to combat this by identifying and securing potentially vulnerable IoT devices on a local-area network (LAN). This is particularly useful in hospitals, clinics, or in-home medical setups that have many IoMT devices on the same network. By identifying IoT devices on a network, scanning each device for open ports/services, and checking for common vulnerabilities such as default credentials, BoxNet serves as a tool to quickly and easily ensure that any potentially insecure IoT device on a network is protected from the most common threats. Furthermore, BoxNet monitors LAN traffic, logging packet data and checking for traffic from blacklisted sources.

Through researching actual medical devices and working with hospital technicians, we were able to witness and learn a lot about how these medical devices are actually used in the field and where potential attack surfaces exist. This helped drive development of BoxNet, as we better understood the workings of IoT devices and the most common vulnerabilities we needed to protect against. Building a security platform like this from scratch this summer was a challenging and rewarding experience, and we look forward to further development.