This Ain’t Your Dose: Sensor Spoofing Attack on Medical Infusion Pump

Youngseok Park (1, 2), Yunmok Son (2), Hocheol Shin (2), Dohyun Kim (2), and Yongdae Kim (2)

(1) NAVER Labs; (2) System Security Laboratory, KAIST

10th USENIX Workshop on Offensive Technologies (WOOT '16)

Aug.09.2016

Sensor

- Sensing changes in physical property and converting to electric signal
- Gyroscope, Accelerometer, Radar, Sonar, Infrared sensor, etc.

Sensing and Actuation System

[Figure: sensing and actuation loop. Labels: Real World, Sensor (sensing), ADC (converting), Processor (processing), Actuator (actuation), System. Examples: Gyroscope, Radar, Flight control, Crash avoidance. Annotation: "Spoofing!"]

ADC: Analog-to-Digital Converter

- No authentication
- Vulnerable to sensor spoofing attack

Sensor Spoofing Attack

- Manipulating sensors with a malicious signal
- Previous works
  - Attacking circuit using EMI: injecting EMI into a wire of a defibrillator (S&P'13)
  - Canceling and injecting active sensor signal: magnetic signal on ABS sensor (CHES'13)
  - Generating resonance (DoS): injecting sound noise into a gyroscope of a drone (SEC'15)

EMI: Electromagnetic Interference
ABS: Anti-lock Braking System

This Work: Manipulating Sensing Values by Saturating Receiver

Target: Medical Infusion Pump

- Controlling infused volume of medicine to patients
- Sometimes using a drop sensor for accuracy

[Figure: infusion pump (body). Labels: Display, Control panel, Actuator (peristaltic fingers), IV tube, Medicine, From drop sensor, To human's body.]

[Figure: drop sensor. Labels: IR emitter, IR receiver, Drop, Drip chamber, IV tube, Output, To infusion pump body.]

Infusion Pump Operation

[Figure label: Light]

Sensor Saturation

- New type of sensor spoofing attack using saturation
  - Sensors have typical operating region
  - Output is saturated when exceeding a saturation point
  - Blinding sensors

[Figure: In case of the infusion pump]

Medical Infusion Pump

- Two infusion pumps with drop sensors
  - Pump1: JSB-1200
  - Pump2: BYS-820

[Figure: each infusion pump and its drop sensor]

Hardware Analysis

- Pump1 (JSB-1200)

[Figure labels: Infusion pump, Peristaltic fingers, Tube, LED, Drop sensor, IR emitter, IR receiver, IR filter]

Hardware Analysis

- Measuring signal with oscilloscope
  - Connector = 4 pins: VCC, GND, LED, and IN (signal)

[Figure labels: Connector (device side), Four pins (sensor side), Normal drop]

Simple Test (Saturation, w/o filter)

Hardware Analysis

- Mainboard (2 MCUs)
  - MCU1: AT89S52
  - MCU2: W78E516D

[Figure labels: Internal structure, SPI port, Drop sensor port]

Hardware Analysis

- Sensor output is fed to MCU1 after the ADC
  - 8-bit ADC (0 to 255)
  - Digital signal indicates voltage level of the drop sensor

[Figure labels: IN (sensor output), 8-bit ADC, Output of ADC, MCU1]

Firmware Extraction

- Extracting firmware of MCU1 via SPI port
  - Reading Flash memory using USBISP and AVR Studio
  - Data section -> 8051 assembly -> IDA Pro

[Figure labels: AT89S52 (MCU1), SPI port, USBISP, AVR Studio 4, Intel HEX format, Data section]

Firmware Analysis

- Finding sensor output in Timer interrupt function

[Figure annotation: Put 8-bit sensor output to RAM]

Drop Detection Algorithm

- Sensing drop when voltage decreases by 0.32 V
- Send command (0x11) through serial port, connected to MCU2

Pump1 Structure

1. Drop sensor output enters into AT89S52 (MCU1)
2. MCU1 sends data to W78E516D (MCU2) via serial communication
3. MCU2 actuates peripherals with this data
   - Pins of MCU2 are directly connected to motor, display and alarm

Vulnerability

- Drop sensor
  - Saturated with an external source
  - Cannot sense drops in saturation
- Drop detection algorithm
  - Counting drops based on a relative change in voltage
  - Making a voltage drop in the sensor output

[Figure labels: Saturation, Fake drop]

Experimental Setting

[Figure labels: Measuring cylinder, IR laser (905 nm, 30 mW), Drop sensor, Arduino, Infusion pump]

Experiment

- Performed on both infusion pumps (Pump1, Pump2)
- Saturation (failed in Pump2)
  - Sensor is saturated when injecting IR laser to receiver
  - Drop sensor cannot sense real drops -> Over-infusion
- Fake drops
  - Sensor is deceived by fake drops with external IR
  - Pump perceives that there are drops already -> Under-infusion
- Both cases cause an alarm

Spoofing Pattern

- Over-infusion
  - Alarm: “No drop is detected”
  - Inject for some period and compensate for insufficient drops
- Under-infusion
  - Alarm: “Too many drops are detected”
  - Find a proper interval of fake drops experimentally
- Example (60 mL/h setting)
  - 1 drop per 3 seconds

[Figure: timing diagrams. Panels: Normal operation, Continuous saturation, Over-infusion, Under-infusion. Labels: Saturation time (13s), Real drop interval (3s), Fake drop interval, 2s, Alarm. Legend: drop, fake drop.]

Demo (Over-infusion)

Demo (Under-infusion)

Results

- Controlling infused volume is possible
  - By adjusting saturation time or fake drops
  - Measured in 10 minutes and 5 times each (No alarm rings over 30 minutes)
  - Over-infusion fails on Pump2

Discussion

- Attack distance
  - Related to power of source
  - Possible in the range of 12m with 30mW IR laser
- Mitigation
  - Authentication between emitter and receiver
    - PyCRA (CCS '15)
    - Generate random zero signal in an emitter
  - Voltage level detection
    - Checking boundary of legitimate signal
  - Physical isolation

[Figure: Concept of PyCRA]

[Figure: Voltage level detection. Labels: Sensor output, Real drops (without spoofing), Saturation (by spoofing), Boundary check, Detect!]
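The voltage level detection mitigation above, sketched as an added example (not code from the talk or from the pump firmware): a relative-change drop counter with an optional boundary check on the 8-bit ADC value. The 5 V reference, the band limits, the polarity of saturation and all names are assumptions, and the traces are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* From the slides: 8-bit ADC (0..255); a drop is a voltage decrease of 0.32 V.
 * Assumed here: 5 V reference, band limits, saturation reads above idle. */
#define ADC_REF_MV      5000
#define DROP_DELTA_MV    320
#define BAND_LOW_MV     1000  /* assumed floor of a legitimate signal */
#define BAND_HIGH_MV    4000  /* assumed ceiling of a legitimate signal */
#define MAX_BAD_SAMPLES    3  /* consecutive out-of-band samples before alarm */

typedef struct { unsigned drops; int spoof_alarm; } drop_result;

static int adc_to_mv(uint8_t code) { return (int)code * ADC_REF_MV / 255; }

/* check_bounds = 0: relative-change counting only, as the slides describe.
 * check_bounds = 1: out-of-band samples are never used for counting and
 * raise an alarm once MAX_BAD_SAMPLES of them arrive in a row. */
drop_result count_drops(const uint8_t *s, size_t n, int check_bounds)
{
    drop_result r = {0, 0};
    int ref_mv = -1;          /* reference level; follows rises only */
    unsigned bad = 0;
    for (size_t i = 0; i < n; i++) {
        int mv = adc_to_mv(s[i]);
        if (check_bounds && (mv < BAND_LOW_MV || mv > BAND_HIGH_MV)) {
            if (++bad >= MAX_BAD_SAMPLES) r.spoof_alarm = 1;
            continue;
        }
        bad = 0;
        if (ref_mv < 0 || mv > ref_mv) {
            ref_mv = mv;
        } else if (ref_mv - mv >= DROP_DELTA_MV) {
            r.drops++;        /* falling edge of at least 0.32 V */
            ref_mv = mv;
        }
    }
    return r;
}

/* Constructed ADC traces: idle 180, real drop dips to 150, saturated 250. */
const uint8_t normal_trace[]    = {180,180,150,180,180,180,150,180};
const uint8_t saturated_trace[] = {180,180,250,250,250,250,180,180,250,250,250,180};

int main(void)
{
    drop_result a = count_drops(saturated_trace, sizeof saturated_trace, 0);
    drop_result b = count_drops(saturated_trace, sizeof saturated_trace, 1);
    printf("relative only: drops=%u alarm=%d\n", a.drops, a.spoof_alarm);
    printf("with boundary: drops=%u alarm=%d\n", b.drops, b.spoof_alarm);
    return 0;
}
```

On the saturated trace the relative-only counter reports two drops that never happened, while the boundary check counts none and raises the alarm.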

Conclusion

- Presenting a new type of sensor spoofing attack
  - Deceiving a sensor by saturation
- Analysis on medical infusion pumps
  - Finding vulnerability in drop detection algorithm
- Controlling infused fluid from 65% to 330%
- Note
  - Infusion pump was not communicating at all.
  - IR ray is invisible to human eyes.
  - FDA approved US devices?
- Sensor security
  - Most sensors are exposed to receive signal
  - Must be considered for safety

Thank You!

E-mail: ys.park@navercorp.com