An Implantable Cardioverter Defibrillator (ICD) is a medical device used for the detection of potentially fatal cardiac arrhythmias ,such as ventricular tachycardia (VT) and ventricular fibrillation (VF), and their treatment through the delivery of electrical shocks intended to restore normal heart rhythm. ICD software features a number of programmable parameters, that, if wrongly configured, can result in unnecessary therapy, which are painful, and damage the cardiac tissue, and even worse can prevent required therapy, leading to sudden cardiac death. An ICD reprogramming attack is one that alters the device’s parameters to induce miss-classification and inappropriate therapy.
Reprogramming attacks can significantly compromise patient safety, with high-profile patients being obvious target (e.g. former US vice president Cheney had his pacemaker’s wireless access disabled to prevent assassination attempt). More recently, over a half a million cardiac devices have been recalled by the FDA for security risks related to wireless communications and researchers managed to gain control of a pacemaker/ICD by exploiting vulnerabilities in the device’s remote monitoring infrastructure. These incidents confirm that vulnerabilities in ICDs exist, and a thorough investigation of cyber-attacks on ICDs is needed to improve safety and security.
In this project, we present a formal approach for the synthesis of ICD reprogramming attacks that are both effective, i.e., lead to fundamental changes in the required therapy, and stealthy, i.e., are hard to detect. We focus on the discrimination algorithm underlying Boston Scientific devices (one of the principal ICD manufacturers) and formulate the synthesis problem as one of multi-objective optimization. Our solution technique is based on an Optimization Modulo Theories encoding of the problem and allows us to derive device parameters that are optimal with respect to the effectiveness-stealthiness tradeoff. Our method can be tailored to the patient's current condition, and readily generalizes to new rhythms.
Current Activity: Analyzing Spoofing Attack
[More to come...]
 Paoletti, N., Jiang, Z., Islam, M.A., Abbas, H., Mangharam, R., Lin, S., Gruber, Z. and Smolka, S.A., 2018. Synthesizing Stealthy Reprogramming Attacks on Cardiac Devices. arXiv preprint arXiv:1810.03808.