Tuesday, May 30, 2017

Is embedded software safe enough? Or do you program/configure some of your systems using proprietary wireless programming units?

Today the Danish engineering news site ing.dk reported some experiences a Norwegian security researcher has personally had with a pacemaker. Pacemakers are life-saving devices for people with certain heart faults. However, they contain embedded software and wireless interfaces unknown to the patient using them. Here is a partial translation of the report from ing.dk:

"The Norwegian security researcher Marie Moe recently talked about "Hacking my own heart" at the Copenhagen Cybercrime Conference. Five years ago she passed out due to a heart failure, and was given a pacemaker. As an employee at NorCERT in Norway, Ms. Moe soon got an interest in her newly implanted device. At the time she asked many questions of the doctors, including some about the safety of the hardware and software which then made her heart beat."
"She decided to search for information herself, and found a technical manual on heart hardening using Google. In this she discovered that the pacemaker had two wireless communication options. One was an NFC interface to give programming access to the device, and that one she was aware of. It could be used for diagnosis, and by touching a screen on the programming device a doctor could make the heart go faster or slower or even stop. The second wireless interface could communicate over several meters, and was intended to send telemetric information via a box in the home to a server on the internet. The intended user was the health and pharma industry, not the patient or her doctor. Ms. Moe remarked that, given the certification process such devices are subject to, the technology providing the internet connectivity would probably be 15 years old."
"At one point while climbing some stairs Ms. Moe suddenly felt like an 80-year-old. She later had the same experience while running for a bus. After several months of pacemaker studies it turned out that there was an error in the pacemaker interface. In the default configuration the pacemaker was set to an upper pulse of 160 beats per minute. So when this was reached the pacemaker would change the pulse to just 80 beats per minute. It turned out that the NFC programming device showed a different max-pulse level than what was actually programmed into the pacemaker."
"Ms. Moe had another bug experience last year on the way to a conference in Amsterdam, when she could suddenly see her chest muscles move. It was probably caused by cosmic radiation, which caused bit flips in the memory of the device, so it could not access memory as intended. Since the different pacemaker manufacturers use different and non-compatible devices for programming, Ms. Moe had to wait for proper equipment to arrive to factory reset her pacemaker. That naturally re-introduced the old bug, which Ms. Moe had discovered earlier."
"So how is software on a pacemaker being updated? Well, a USB key from the provider is inserted in the programming unit, which then uploads the code to the pacemaker. At the end of the presentation Ms. Moe showed herself in a half marathon, so the pacemaker is working today."
Why is this story relevant for the process safety and control community? Because of the multitude of electronic programmable devices which have entered the process industry during the past twenty years, and which just sit out there in the plants doing their thing, without anyone thinking about bugs.

The question which springs to mind after reading about Ms. Moe's experience with radiation influencing her pacemaker is whether the smart instrumentation in our modern plants can experience similar malfunctions. If or when they do, are we then prepared to deal with them?
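As an added example (not from the ing.dk article or from Ms. Moe's presentation), here are the two checks an instrument or device owner would want after reading the story above: a read-back comparison between what the programming unit displays and what the device actually holds, and a CRC over the stored configuration so that a corrupted memory cell is detected instead of silently acted on. The configuration struct, its field names and the 160/80 bpm values are hypothetical, modelled on the figures in the report, and the code is generic embedded C written against no real device.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stored configuration of a programmable device; field names and
 * layout are assumptions for this example. Rates in beats per minute. */
typedef struct {
    uint16_t upper_rate_limit;  /* 160 in the report's default configuration */
    uint16_t fallback_rate;     /* 80, applied once the upper limit is reached */
    uint32_t crc;               /* integrity check over the two fields above */
} device_config_t;

/* CRC-32 (IEEE 802.3, bitwise form) over a byte buffer. */
static uint32_t crc32(const uint8_t *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* CRC over the configuration fields only (everything before the crc member). */
static uint32_t config_crc(const device_config_t *c) {
    return crc32((const uint8_t *)c, offsetof(device_config_t, crc));
}

/* Simulated programming step: store the intended values and seal them with a CRC. */
void program_device(device_config_t *device, uint16_t upper, uint16_t fallback) {
    device->upper_rate_limit = upper;
    device->fallback_rate = fallback;
    device->crc = config_crc(device);
}

/* Read-back verification: the values the programming unit displays must match
 * what the device actually holds, and the stored copy must be intact. */
bool verify_readback(const device_config_t *device, uint16_t shown_upper, uint16_t shown_fallback) {
    return config_crc(device) == device->crc
        && device->upper_rate_limit == shown_upper
        && device->fallback_rate == shown_fallback;
}

/* Periodic self-check the device can run: detects corrupted configuration
 * memory (such as a single bit flip) before the corrupted values are acted on. */
bool config_intact(const device_config_t *device) {
    return config_crc(device) == device->crc;
}
```

A programming unit that only trusts its own screen has no way to notice the mismatch the report describes; the read-back step makes the device, not the display, the source of truth.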

Source of the original story in Danish: https://www.version2.dk/artikel/norsk-sikkerhedsforsker-blev-ramt-pacemaker-fejlkonfiguration-paa-vej-ad-trapperne-1077034