A Shocking Vulnerability Demonstrated at eXchange REWIRED


By: Brian Stallard

June 10, 2021

Categories: AAMI News, HTM Professionals, Medical Device Manufacturers

ArchimedesCenterImage1

Can you imagine having your smart assistant getting hijacked with… light?

During AAMI eXchange REWIRED’s Thursday airing of “Good Morning HTM”, The Archimedes Center for Healthcare and Device Security shocked the healthcare technology management (HTM) community with a live demonstration of a worrying vulnerability inherent in many smart devices.

During the demonstration, University of Michigan PhD student and Archimedes Center research assistant, Connor Bolton aimed a bright green laser at a Google Home smart assistant device. A few seconds later, and seemingly unprompted, the device announced the time to everyone watching the eXchange REWIRED live feed.

“Oh wow—there it went!” exclaimed co-host Robert Burroughs, SVP of Education at AAMI. “And you’re doing that with some very inexpensive equipment? I’m definitely keeping my blinds closed from now on!”

Bolton explained that he had modulated the light of a $20 laser pointer to carry a specific message—in this case, asking the smart assistant to tell the time.

“By varying the intensity of the laser in tune with the voice command we want to give, we’ve essentially embedded audio into the laser beam itself,” he said.

The researcher and his colleagues have tested the technique in multiple devices and at varying distances. In one video, the team has even managed to command a smart device to open a home’s garage door after shooting the laser from a bell tower, through a window, and into the home.

 
The vulnerability, first revealed by researchers from the University of Michigan and The University of Electro-Communications, Tokyo, raises important security questions even while medical device designers are becoming increasingly interested in the idea of digital healthcare assistants, “smart” wearables, and networked smart devices in the clinical setting.

It also highlights a worrying trend: As the advance of new technologies continues to speed up, it may begin to outpace device security. Fortunately, this is a concern that AAMI and the Archimedes Center have combined their efforts to address in a new collaborative effort.

“We’re bringing together healthcare providers, security experts, device designers… everyone you can think of” to anticipate problems and find the right solutions, said Bill Aerts, Executive Director at Archimedes Center.

The two organizations have connected their membership and partner networks to work on advancing security for life-saving devices.