This Ain’t Your Dose:Sensor Spoofing Attack on Medical
Infusion Pump
Youngseok Park1,2, Yunmok Son2, Hocheol Shin2, Dohyun Kim2, and Yongdae Kim2
1 NAVER Labs2 System Security Laboratory, KAIST
10th USENIX Workshop on Offensive Technologies (WOOT '16)
Aug.09.2016
Sensor
v Sensing changes in physical property and converting to electric signal
v Gyroscope, Accelerometer, Radar, Sonar, Infrared sensor, etc.
2
Sensing and Actuation System
3
Real World
Processor
Sensor Actuator
Sensing Actuation
System
ADC
ADC: Analog-to-Digital Converter
Converting Processing
GyroscopeRadarFlightcontrol
Crashavoidance
Sensing and Actuation System
4
Real World
Processor
Sensor Actuator
Sensing Actuation
System
ADC
ADC: Analog-to-Digital Converter
Converting Processing
GyroscopeRadarFlightcontrol
Crashavoidance
No Authentication
Vulnerable to sensor spoofing attack
Spoofing!
Sensor Spoofing Attack
v Manipulating sensors with a malicious signal
v Previous works- Attacking Circuit using EMI: Injecting EMI into a wire of a defibrillator (S&P’13)
- Canceling and injecting Active Sensor Signal: magnetic signal on ABS sensor (CHES’13)
- Generating Resonance (DoS): Injecting sound noise into a gyroscope of a drone (SEC’15)
5
EMI: Electromagnetic InterferenceABS: Anti-lock Braking System
6
This Work: Manipulating Sensing Valuesby Saturating Receiver
Target: Medical Infusion Pump
v Controlling infused volume of medicine to patients
v Sometimes using a drop sensor for accuracy
7 Infusion Pump (body)
Display
Controlpanel
Actuator(PeristalticFingers)
IV Tube
To human’s body
From drop sensorMedicine
IR receiver
IR emitter
To infusion pumpbody
Drop sensor
Drop
IV TubeDrip
chamber
Output
~
Infusion Pump Operation
8
Light
Sensor Saturation
v New type of sensor spoofing attack using saturation- Sensors have typical operating region- Output is saturated when exceeding a saturation point- Blinding sensors
9
In case of the infusion pump
Medical Infusion Pump
v Two infusion pumps with drop sensors
10
Infusion pump Drop sensor
JSB-1200(Pump1)
BYS-820(Pump2)
Hardware Analysis
v Pump1 (JSB-1200)
11
Peristalticfingers
Tube
Infusion pump
LED
Drop sensor
IR emitter
IR receiver
IR Filter
Hardware Analysis
v Measuring signal with oscilloscope- Connector = 4 pins: VCC, GND, LED, and IN (signal)
12
Connector(Device side)
Four pins(Sensor side)
Normal drop
Simple Test (Saturation, w/o filter)
13
Simple Test (Saturation, w/o filter)
14
Hardware Analysis
v Mainboard (2 MCUs)
15
W78E516D(MCU2)
AT89S52(MCU1)
Internal structure
SPI Port
Drop sensor port
Hardware Analysis
v Sensor output is inserted to MCU1 after ADC- 8-bit ADC (0 to 255)- Digital signal indicates voltage level of the drop sensor
16
Output of ADC
8-bit ADC
IN(sensor output)
MCU1
Firmware Extraction
v Extracting firmware of MCU1 via SPI port- Reading Flash memory using USBISP and AVR Studio- Data section -> 8051 assembly -> IDA Pro
17
USBISP
AVR Studio 4 Intel HEX format
Data sectionAT89S52(MCU1)
SPI Port
Firmware Analysis
v Finding sensor output in Timer interrupt function
18
Put 8-bit sensor output to RAM
Firmware Analysis
19
Drop Detection Algorithm
20
Sensing drop when voltage decreases by 𝟎.𝟑𝟐𝑽
Send command (0x11) through serial port,connected to MCU2
Pump1 Structure
1. Drop sensor output enters into AT89S52 (MCU1)
2. MCU1 sends data to W78E516D (MCU2) via serial comm.
3. MCU2 actuates peripherals with this data- Pins of MCU2 are directly connected to motor, display and alarm
21
Vulnerability
v Drop sensor- Saturated with an external source- Cannot sense drops in saturation
v Drop detection algorithm- Counting drops based on a relative change in voltage- Making a voltage drop to sensor output
22
Saturation
Fake drop
Experimental Setting
23
Measuringcylinder
IR Laser(905nm, 30mW) Drop sensor
Arduino
Infusion pump
Experiment
v Performed on both infusion pumps (Pump1, Pump2)
v Saturation (failed in Pump2)- Sensor is saturated when injecting IR laser to receiver
- Drop sensor cannot sense real drops -> Over-infusion
v Fake drops- Sensor is deceived by fake drops with external IR
- Pump perceives that there are drops already -> Under-infusion
v Both cases cause an alarm
24
Spoofing Pattern
v Over-infusion- Alarm: “No drop is detected”- Inject some period and compensate insufficient drops
v Under-infusion- Alarm: “Too many drops are detected”- Find properly interval of fake drops experimentally
v Example (60mL/h setting)- 1 drop per 3 seconds
25
Normal operation
Continuous saturation
Over-infusion
Saturation time (13s)
Real drop interval (3s) drop fake drop
Alarm
Under-infusion
Fake drop interval
2s
Demo (Over-infusion)
26
Demo (Under-infusion)
27
Spoofing Pattern
v Over-infusion- Alarm: “No drop is detected”- Inject some period and compensate insufficient drops
v Under-infusion- Alarm: “Too many drops are detected”- Find properly interval of fake drops experimentally
28
Normal operation
Continuous saturation
Over-infusion
Saturation time
Real drop interval drop fake drop
Alarm
Under-infusion
Fake drop interval
2s
Results
v Controlling infused volume is possible- By adjusting saturation time or fake drops- Measured in 10 minutes and 5 times each (No alarm rings over 30 minutes)- Over-infusion fails on Pump2
29
Discussion
v Attack distance- Related to power of source- Possible in the range of 12m with 30mW IR laser
v Mitigation- Authentication between emitter and receiver
• PyCRA (CCS ‘15)
• Generate random zero signal in an emitter
- Voltage level detection• Checking boundary of legitimate signal
- Physical isolation
30
Saturation(by spoofing)
Sensor output
Real drops(without spoofing)
Boundary check
Detect!
Concept of PyCRA
Voltage level detection
Discussion
v Attack distance- Related to power of source- Possible in the range of 12m with 30mW IR laser
v Mitigation- Authentication between emitter and receiver
• PyCRA (CCS ‘15)
• Generate random zero signal in an emitter
- Voltage level detection• Checking boundary of legitimate signal
- Physical isolation
31
Conclusion
v Presenting a new type of sensor spoofing attack- Deceiving a sensor by saturation
v Analysis on medical infusion pumps- Finding vulnerability in drop detection algorithm
v Controlling infused fluid from 65% to 330%
v Note- Infusion pump was not communicating at all. - IR lay is invisible to human eyes.- FDA approved US devices?
v Sensor security- Most sensors are exposed to receive signal- Must be considered for safety
32
