Case Study: COSIC Group, KU Leuven reverse-engineers IMD security flaws with National Instruments

Hacking Implantable Medical Devices to Emphasise Life-Threatening Security Flaws

National Instruments' customer, the COSIC Group at KU Leuven, faced the challenge of proving that the proprietary security protocols in implanted medical devices (IMDs), like pacemakers and insulin pumps, were dangerously flawed. The research group aimed to demonstrate that this "security-by-obscurity" approach could lead to severe breaches of patient privacy and even life-threatening attacks.

Using National Instruments' USRP Software Defined Radio Device and LabVIEW software, the team implemented a non-invasive, black-box solution to intercept and reverse engineer the wireless communications of various IMDs. This approach from National Instruments successfully proved that malicious actors could easily eavesdrop on sensitive data or even send malicious commands to the devices. As a result, the research provided critical findings to medical manufacturers, emphasizing the urgent need to adopt stronger, standard cryptographic security measures in future devices to protect patient safety.

COSIC Group, KU Leuven

Dave Singelée

COSIC Group, KU Leuven