CyberWire Daily - Just saying there are attacks is not enough. [Research Saturday]
Episode Date: October 24, 2020Ben-Gurion University researchers have developed a new artificial intelligence technique that will protect medical devices from malicious operating instructions in a cyberattack as well as other human... and system errors. Complex medical devices such as CT (computed tomography), MRI (magnetic resonance imaging) and ultrasound machines are controlled by instructions sent from a host PC. Abnormal or anomalous instructions introduce many potentially harmful threats to patients, such as radiation overexposure, manipulation of device components or functional manipulation of medical images. Threats can occur due to cyberattacks, human errors such as a technician's configuration mistake or host PC software bugs. As part of his Ph.D. research, Tom Mahler has developed a technique using artificial intelligence that analyzes the instructions sent from the PC to the physical components using a new architecture for the detection of anomalous instructions. Joining us in this week's Research Saturday to discuss his research is CBG - Cyber@Ben Gurion University's Tom Mahler. The research can be found here:Â A Dual-Layer Architecture for the Protection of Medical Devices from Anomalous Instructions Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. data products platform comes in. With Domo, you can channel AI and data into innovative uses that
deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to
your role. Data is hard. Domo is easy. Learn more at ai.domo.com.
That's ai.domo.com.
Hello, everyone, and welcome to the CyberWire's Research Saturday.
I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down threats and vulnerabilities, solving some of the hard problems of protecting
ourselves in a rapidly evolving cyberspace. Thanks for joining us.
I'm researching this area for between three to four years. At the beginning, I started investigating the entire
field of medical devices and specifically medical imaging devices. That's Tom Mahler. He's a
researcher at Ben-Gurion University. The research we're discussing today is titled
A Dual Layer Architecture for the Protection of Medical Devices from Anomalous Instructions. And now, a message from our sponsor, Zscaler, the leader in cloud security.
Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Zscaler Zero Trust Plus AI stops attackers
by hiding your attack surface,
making apps and IPs invisible,
eliminating lateral movement,
connecting users only to specific apps,
not the entire network,
continuously verifying every request
based on identity and context,
simplifying security management
with AI-powered automation,
and detecting threats using AI to analyze over 500 billion daily transactions.
Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI.
Learn more at zscaler.com slash security.
As you know, this area is very much unattended and there are a lot of problems in it. And I did a research that laid out about 23 different attacks on medical imaging devices.
This was the initial research I did on this topic.
Then once we discovered the different vectors of attacks,
I also wanted to try to find a solution to these attacks.
Because just saying that there are attacks, it's not enough.
I wanted also to try to find solutions.
This is one of the solutions that
can be applied to protect from a wide range of attacks. Well, before we dig into your research,
can you give us an overview of what sort of things are we dealing with with these devices?
What kind of devices are we talking about and what are some of the concerns?
Medical imaging devices, well, you can take the approach
that I presented to other medical devices as well.
But if we're talking on medical imaging devices,
this is a CTs, MRIs, ultrasounds, and such devices,
which has an architecture, which I presented,
I can also send you the presentation if you want.
They have some sort of host control PC that controls the medical device and sends
instructions to the actual medical device. So if you're thinking of a
city device, so I don't know if you have ever been in a city device, a
city scanner, but basically you have a control room where a technician sits and configures
the exam.
And then the patient is placed on a mechanical bed that is moving through the scanning procedure.
And the scanner rotates or does some different things depending on the technology.
For example, CT uses X-ray radiation to scan the patients.
MRI uses magnetic resonance to scan the patient.
And ultrasound uses ultrasonic waves. You can also think of other devices such as radiotherapy devices or a robotic surgery
or basically any medical device that has a controlling PC.
So it's not, if you're thinking of heart rate monitors or cardiovascular implanted devices,
it's not exactly this kind of device.
I'm talking about bigger devices that have some controlling interface.
This is important for our architecture.
Now, what kind of communications typically goes on between that controlling device and the scanning hardware?
This varies significantly between different manufacturers and different devices.
For example, in the Citi device,
this is where we tested our idea,
they have a CAN bus network,
which is similar to what you have in cars.
You know the CAN connection?
Yeah, yeah.
C-A-N, yeah.
So it's just the same connection you have in the car
or in other industrial control systems. So this's just the same connection you have in the car or in other industrial control systems.
So this is just a regular input, but it doesn't really matter because even if you have an Ethernet connection or even if you have a Wi-Fi connection, it doesn't matter.
Because I'll get into it in a few moments, but our idea is to monitor the traffic between this host control and the device.
So usually from what I saw in city devices and MRIs, we're talking about CAN bus connections,
but it can also be used when you have Ethernet connections, normal LAN connections,
or if you have some other Wi-Fi or even Bluetooth connections.
or if you have some other Wi-Fi or even Bluetooth connections.
I guess the question I'm getting at is,
in one of these devices, let's say,
the technician who's operating the device sends a command to the device to just make something up here,
set the power level to 10.
Is there some sort of back and forth
between the device and the control computer where the computer says, hey, set this to 10. Is there some sort of back and forth between the device and the control computer
that says, or the computer says, hey, set this to 10. The device says, you know, got
that 10. Do you really mean 10? And the control says, yes, 10. You know what I mean?
Yeah, yeah, yeah. Well, this is an excellent question. And let me give you a little bit more background.
So the device, at least in a city devices, once the technician configures the scan, then
the device sends all the instructions at once.
In a city device, it's called a gantry.
A gantry is the physical scanner that the patient sits into it.
So this is called the gantry.
So the host PC sends the instructions to the gantry.
Now, these instructions are complete
with all the information that it needs to do the scan.
There is no really back and forth.
There are some things that are back and forth,
but not in the way that you mentioned. I mean, there is not a lot of validation. I'll say what validations exist
and what doesn't exist. The validation that exists are validations that are concerned
with safety. So, you know, medical devices needs to pass a lot of regulations and tests.
So they pass safety tests that check that there isn't too much high radiation or like you say, too high of a power.
But the important thing is that since these devices are used for a wide range of different scans. So within the safe, the safe, and I say safe in quotes,
within the safe margin of the allowed radiation or allowed movement,
there is still a lot of gap.
So let's say, let's say a big patient with a heavyweight is being scanned.
He can be scanned in the same device where a child, which weighs much less, is scanned.
So it's the same scanner
and it can take care of both patients.
So of course, the heavier patient will get more radiation.
So if you take the maximum safe radiation
and put it into a child,
so this is not so safe.
You see what I'm saying?
Yeah, absolutely.
And another thing is that there is no validation for the question,
is this instruction fit or matches this specific patient?
But the only one who knows all the profile of the patient
and let's say his gender, his weight.
So the only one who knows it is the
technician and he needs to configure the the exam so the device itself doesn't make this validation
the device doesn't know which patient is being scanned so this this opens up a lot of different
attacks and also i also want to to add that a lot of attacks come from different sources.
So we know that there are a lot of network attacks, like the WannaCry attack propagated through the network and infected device after device.
The WannaCry attack is very important in the medical device because it's one of the biggest attacks that actually affected medical devices.
So this is like a very big event here.
And I know that there are different companies
who offer network-based solutions.
So they can scan the network, you can put a firewall,
you can maybe try to do the IoT discoverability,
you know these kind of things, right?
Right.
Yeah.
So this means that you can monitor the network, but the host PC itself is a very, very closed
system.
So it's still a Windows PC, a normal Windows PC, but they can't really install endpoint security or even install
updates to the computer because let's say a city device comes one piece.
It comes with the host and with the gumtree and with all the servers.
They are all supplied by the manufacturer and they are all passed all these rigorous
validation regulations that I mentioned regarding the safety.
So if you install an update, the manufacturer must make sure that this update didn't interfere
with any other thing that may compromise the device and may cause damage to the patient,
even if it's just a security update.
Yeah, well, let's dig into your research here.
I mean, you're talking about a dual-layer architecture.
Describe to us, what was your approach?
So our approach was that you can protect the network, as I mentioned just now.
You can protect the endpoint, but there is only a certain amount of protection that you can do on the endpoint.
Because, as I said, you can't install a lot can do on the endpoint because as I said you can't install
a lot of things on the endpoint. So our approach is to put the protection system outside
of the host control PC and even outside of the entire CT ecosystem or medical device ecosystem.
And we are connected from one side to the host pc and from the other side to
the gantry so you can think of us as a like a wire shark sniffer but we are doing of course
this analysis that i will mention in a few minutes but we are monitoring the traffic and our approach
doesn't require any change to the existing device so if you own a city and you want to make it secure, you don't need to install anything on the network.
You don't need to install anything on the PC itself.
You can just take our solution, which is like a black box.
You plug it in from one side to the host control, to the output of the host control.
This output is supposed to go to the gantry.
So instead of connecting it to the gantry,
you connect it to our box.
And then from the other side,
our box connects to the gantry.
And this way we can monitor all the traffic
that passes through.
Now, I will explain, of course, the method later,
but it's important to understand
that it doesn't matter where the attack came from.
So you can maybe do a network-based attack scenario, or you can insert some kind of USB, a malicious USB, to the host itself.
Or it can even be a simple human error.
We catch all these kind of things and you can't overpass our system because it doesn't protect from all kinds of attacks, but it protects from a very big portion of attacks. So if an attacker tries to, like you asked at the beginning of the interview, you asked
if he takes the power level, let's say to 10 or the radiation level, multiply the radiation
level by 100. So the result of such an attack will be an instruction with too much radiation,
and we catch this instruction, and by using AI methods,
we can learn what are normal instructions and what are anomalous instructions,
and then detect these anomalous instructions.
Well, describe to us the part of your approach here
that's utilizing artificial intelligence.
Yeah, so this is the dual layer.
And why dual layer?
Because we have two different layers
who are aimed at protecting
two different kinds of anomalies.
So the first layer
is the unsupervised context-free layer.
And this layer is using unsupervised context-free layer and this this layer is using unsupervised anomaly
detection algorithms and we use different kinds of algorithms such as isolation forest a knn
k nearest neighbors a one plus svm and a different combination of these algorithms using an ensemble technique, an ensemble average technique. And we recorded
about, I think, 8,000 or maybe more instructions from a real CT device. We did a collaboration
with a manufacturer and a hospital, and we recorded over 8,000 instructions from Office of City Devices.
Then the first unsupervised layer is
learning these instructions and try to find anomalies which are,
let's say, out of the normal distribution of instructions.
If they are very weird instructions, for example,
very high radiation that was never sent before, or a very weird
combination of parameters that
that doesn't make sense because they were never sent like this before.
This is the first layer. So the first layer tries to detect very, very
strange instructions, and the second layer is a context sensitive layer which
uses supervised classification to take the instruction and try to to learn instructions
with the context of the patient being scanned and the context of the clinical objective for the scan
so this is the second layer tries to tries to detect instructions like I explained at the
beginning of let's say an adult being scanned while the actual patient is a child. So we wanted
to also learn the instruction with the context of the patient being scanned. This is why we have these two layers.
And I just want to say two things about the data itself.
So as I said, we collected over 8,000 instructions
and they contain over 200 different parameters.
So this is a lot of information of the scans.
Now, the second thing I want to add about data
is about the anomalies. So
you can think of how we actually tested this idea because it's not easy to record data
at all. It took us over one and a half years to collect this data because each time we
have to go to the hospital and physically connect to the device. And it's not like they allow us to come whenever we want and plug a USB and download everything.
There is a certain procedure.
So it took us a lot of time.
And the anomalies were even harder because, first of all, the hospital didn't allow at all for us to try to record manual instructions on our own.
So we had to collaborate with the manufacturer of the CT devices to try to, we went to their
development center and we brought a certified technician which sat on a development CT, but a real CT, but which is being used
for during development.
And we asked this technician to try on purpose
to generate malicious instructions,
like the maximum amount of level he could think of,
or move the engines as fast as the device can.
So this is one kind of analysis which we call manual anomalies,
which we recorded.
We were able to record about 60 such anomalies.
As you can imagine, this is quite a long procedure.
It took us several days.
And each time, it's a slow procedure because each time,
the city device actually does this instruction.
Now, at a certain point, the manufacturer told us that he doesn't like that we are moving the motors so fast
because he's afraid that the development city will break.
So we had to stop with this kind of instruction.
But at least the radiation, the maximum radiation was okay.
And also we had another set of malicious instructions, which by chance we caught certain instructions
that we recorded them during a maintenance procedure.
So at a certain month, this manufacturer came to the hospital that we worked with and did some calibration and testing on the
device. A normal maintenance. But of course, a patient shouldn't be present during these
maintenance instructions, so we also recorded them and inserted them into our anomaly set.
You know, it strikes me that this could be useful
to the manufacturer as well,
because it could help them detect bugs and errors
in their own system.
Yes, of course.
And for them, it could be useful for much more.
First of all, for cybersecurity, of course,
this is why this manufacturer really liked our idea,
because he said that it's very
easy to implement. He doesn't need to install anything. It's just a plug and play. Just
take this black box, puts it in his device and it makes his device more safe. And another
thing, it can help them not only learn, not only detect errors, but also learn, you know, like business intelligence.
For example, how many scans of certain types were done on this specific device.
And then they can say that, let's say, specific city scanner did a lot of head scans.
And let's say these head scans highly affect certain parts of the device. And because this device did a lot of head tests,
then it needs to keep a maintenance of certain x-ray tubes.
So this is also something that could be very interesting for the manufacturers.
It strikes me too that this could be very useful for something like an infusion pump.
I'm thinking about just preventing medical errors.
And as you say, being able to gather data about when errors do happen,
what are the circumstances under which they occur?
Yeah, I think so as well.
And this is why I think that what really helps here is the second context-sensitive layer
of this dual-layer architecture, because adding the context to the instructions, they don't do it.
I mean, the manufacturers simply send instructions without any context. So if you add the insights
you know about the context, you can really do a lot of interesting things.
Also, in terms of optimization, optimizing the instructions to better fit this specific patient being scanned,
not just any patient being scanned.
Are there any concerns with, for example, latency or availability?
If the ability for these machines to connect to the device that you all have designed here.
Is there potential for it to slow things down?
Or, for example, if your system goes down for some reason, can the hospital still bypass it?
If our system fails, then the hospital can always revert to the current situation that he has today without our system.
So if there is some problem, you can just unplug our system,
plug the host directly to the gantry, and everything works the same.
So this won't cause any problem.
In terms of latency, from what we saw, analyzing one instruction is a matter of milliseconds.
So I don't think it would cause a slowdown to the procedure itself. And also, you can apply
on the instructions simultaneously while the device begins its operation. A CT scan is not
something that takes a millisecond. It's a procedure that takes, let's say, even one or two or three minutes.
So if you discover an anomaly after two or three seconds and you give the alert,
so the technician can stop the device immediately and no damage would be done because two or three seconds,
even at the highest radiation, wouldn't
cause any problem.
Now, we also want to add in the future explanation to the system, which will also explain the
anomalies and not just alert them.
Regarding the explanation, I think here would be maybe a bit more latency because the explanation
process is more slow.
But we're not there yet.
Our thanks to Tom Mahler from Ben-Gurion University for joining us.
The research is titled
A Dual-Layer Architecture for the Protection of Medical Devices
from Anomalous Instructions.
We'll have a link in the show notes.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io. wire team is Elliot Peltzman, Puru Prakash, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe
Kerrigan, Carol Terrio, Ben Yellen,
Nick Valecki, Gina Johnson, Bennett
Moe, Chris Russell, John Petrick,
Jennifer Iben, Rick Howard, Peter Kilpie,
and I'm Dave Bittner. Thanks for
listening.