IoT Authentication Flaws in Medical Devices: HYPR-Secure Them
Jay Radcliffe was tinkering with his own best-selling insulin pump when every engineer’s worst fear was realized. He discovered a security hole in its wireless networking connection that could allow a malicious third party to alter the amount of insulin pumped. While it’s fortunate that the exploit never made it out in the open, flaws of this kind could cause serious injury if hackers were to exploit them. It’s astonishing to learn that even the most vital technological devices like insulin pumps are prone to authentication security vulnerabilities resulting from their manufacturers’ insufficient vigilance. As we progress with advancements in healthcare tech, security issues like this will become more commonplace – and that’s worrisome.
The writing is on the wall: connected devices across the healthcare industry are not inherently safe and will require embedded biometric authentication for medical use cases as an additional layer of security.
The Bio-T, as we call it, should be biometrically secured and accessible with or without an internet connection. Digesting this concept when the use case is a connected home or car entry point is simple, but what about medical devices?
By design, many medical IoT nodes will not be connected to the Internet. Inbound and outbound data will be rejected because of the safety concerns experts are raising. Undeterred, we want to safeguard against external attacks those medical devices for which connectivity would be beneficial, and we intend to achieve this without requiring cloud connectivity. This application of the HYPR biometric encryption platform includes medical devices that may be found inside or outside the patient. The HYPR SDK will be embedded inside devices to enable reliable contactless communication with strong H2D2D (human-to-device-to-device) authentication.
At this time, manufacturers haven’t addressed device security as much as they should, if at all. HYPR aims to help IoT engineers along the path toward a security solution that is easy to use and easy to scale across an industry the size of healthcare. Today HYPR is working with medical IoT device engineers so that patients, physicians, and/or healthcare providers can use their biometric mobile device to authenticate through either NFC or BLE (Bluetooth Low Energy). Authorized users alone could alter medication flows, make necessary adjustments to therapies, and check an aspect of their overall health status. Such a use case is intended to prevent the insulin pump hack from occurring by enforcing biometric security at any point of interaction with the device.
In the case of IoT devices across the medical industry, the device itself becomes a standalone biometric validation server that communicates with a user’s trusted biometric authenticator (such as a mobile phone or our HYPR Token). It is anticipated that by 2020 there will be over 40 billion connected devices across the IoT. With exploits on this scale and of this severity – and with the device volume soaring – 2015 will be an interesting year for biometric IoT security.