The Challenge of Securing Bluetooth Technology in Healthcare

It’s the age-old question: when does convenience undermine security? In the healthcare sector, the answer can literally spell the difference between life and death. As the Internet of Medical Things (IoMT) grows, wireless attacks abound. While not any harder to launch than against traditional IoT devices, these attacks are drastically more high-stakes and can use the Bluetooth and related protocols as a medium. Consequently, Bluetooth – the subtle, convenient, connect-from-anywhere technology intended as a boon to the medical industry –  must be more-than-adequately secured.  

 Fortunately there are proactive security measures available to help prevent successful attacks on medical devices that use versions of Bluetooth. Below we explain the risks and how to manage them. 

The Risk of Bluetooth Low-Energy Medical Devices 

For hospitals, having the right tools available at the right time is everything. That is why many favor the use of Bluetooth Low-Energy (BLE) technology, a form of Bluetooth that consumes less power and operates over a longer period of time. However, BLE is also susceptible to cyberattacks, including those using theexploit known as “SweynTooth,” an attack that can crash a wireless device, stop it from working, or access device commands only available to the authorized user. And this is only one exploit. As the IoMT expands, so does the collective attack surface, putting medical equipment that uses connected devices at risk of various medium- and high-severity attacks, including: 

• Denial of Service (DoS) 
• Distributed DoS 
• Man-in-the-Middle (MITM) 
• Data leakage 
• Spoofing 

When any of these attacks affect a device, namely DoS or DDoS, that device can be taken offline completely. When a DDoS attack is launched against a retail site server, the company loses money, which is unfortunate. However, when a DDoS attack is launched against a network of BLE-connected insulin pumps, lives can be lost, which is a far more serious matter. Additionally, other nefarious attacks could impair hospital operations and put patient data at risk, such as when a Man-in-the-Middle attack steals sensitive biometric data as it travels from a nurse’s iPad to the hospital’s network. 

Says a member of the U.S. Food and Drug Administration (FDA), “Medical devices are becoming increasingly connected, and connected devices have inherent risks, which make them vulnerable to security breaches. These breaches potentially impact the safety and effectiveness of the device and, if not remedied, may lead to patient harm.” The bottom line is that Bluetooth- and BLE-connected IoTM devices perform a myriad of essential functions in healthcare: 

• Record electrical impulses through electrocardiograms (ECGs) 
• Monitor glucose levels and blood pressure 
• Remotely send critical health information to medical staff, among other functions 

“An attacker may target the IoMT gateway to manipulate information before sending it to the doctor or to launch denial of service attacks to make the information unavailable,” notes an adapted entry from a peer-reviewed paper on securing Bluetooth communication in healthcare. The researchers conclude that “as the complete information of the patient flows in and out through the IoMT gateway, securing the IoMT attack surface assumes critical importance.” 

How Fuzzing Can Help 

Is BLE technology inherently vulnerable? The answer is – not necessarily. The problem arises when it is not configured with the proper security specifications, something goes wrong in deployment, or an error otherwise occurs somewhere in the development pipeline and manages to go undetected to consumers; that is until an attacker detects it.  

However, there is a way to help prevent these issues. 

Fuzzing is a technique widely used to detect hard-to-find vulnerabilities. It catches what typical vulnerability scans can’t and works by testing the systems it’s employed on with a host of bad, corrupted, or otherwise random inputs and seeing what the software returns. If the program crashes, short-circuits, reveals sensitive data, or performs poorly in any other way, security analysts know that there is a weakness in the code somewhere that needs to be remedied.  

Fuzzing can be applied to devices that support different types of wireless protocols, including BLE. By fuzzing these devices, testers can find errors in the implementation of these protocols (more commonly the case) and even in the protocol itself (far less common). By discovering these bugs early on, weak points in BLE implementation can be patched and strengthened before attackers have the chance to strike. 

Fortra’s beSTORM is a black box fuzzer that can be applied to devices to ensure their safety before they hit the shelves – or the hospitals, in this case. It uses a proprietary algorithm to systematically attack the highest probability vulnerabilities first and can test to scale with almost no human intervention. By performing potentially billions of attack combinations, beSTORM gives organizations the peace of mind they need to roll new products, releases, and devices off the shelf – or into the operating room – with confidence.