{"id":446,"date":"2009-01-16T18:14:13","date_gmt":"2009-01-17T02:14:13","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=446"},"modified":"2009-01-16T20:48:58","modified_gmt":"2009-01-17T04:48:58","slug":"security-review-edible-chips","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/01\/16\/security-review-edible-chips\/","title":{"rendered":"Security Review: Edible Chips"},"content":{"rendered":"

The California based company Proteus has created an edible computer chip<\/a> designed to mark a new way of monitoring patient drug intake. The process involves two pieces of technology: a small chip containing sensors and a small patch worn by the patient. The chip is attached to a pill, swallowed by the patient, and then activated once it enters the patient\u2019s stomach. Once activated the chip sends signals to the patch. The patch can track data like heart rate, respiratory rate, temperature, and body angle. This data is then automatically uploaded via Bluetooth to an online repository and given a timestamp. Doctors can use this data to monitor whether a patient is correctly taking his or her medication or the effects of the medication from the convenience of their cell phones or personal computer. This product, named Raisin, is currently in clinical trials. <\/p>\n

Assets\/Security Goals
\n–\tConvenience: If Raisin is working properly, patients do not need to sit and be constantly be monitored by healthcare professionals. These patients can continue with their regular routines. Doctors are also given convenience by being able to monitor patent data online.
\n–\tPatient\u2019s Health: The patient must ingest a chip and is in constant contact with the patch. Either piece could potentially expose the patient to undesired health risks if they were tampered with.
\n–\tMedical information: The data uploaded by the product should be the same data that a doctor sees. The product must be secure enough to prevent someone from altering the data collected from patients. <\/p>\n

Potential Adversaries\/Threats
\n–\tMalicious people: There are two technological components that are in contact with the patient. Manufacturers, employees, or a third party could possibly intercept or alter either piece before it reaches the patient.
\n–\tThieves: There may be people trying to steal the personal and medical information collected by these chips. Perhaps the information could be used to embarrass a patient, or be sold to some medical agents with malicious intents <\/p>\n

Potential Weakness
\n–\tDatabase: The data could not be encrypted or secured properly in the online database. This could lead to someone unauthorized to view a patient\u2019s data.
\n–\tPersonal Property: Doctors would be allowed to access patient data from their cell phones or computers. If either were stolen it may make accessing the patient\u2019s data easier.
\n–\tData transfer: While the data is being uploaded from the patch to the internet, it could be intercepted by a third party.
\n–\tProduct transfer: While the product goes from manufacturer to patient, there are many opportunities for a third party to intercept and tamper with it. <\/p>\n

Potential Defenses <\/p>\n

Since there are multiple levels involved in Raisin, there are multiple defenses that need to be in place. The chip and patch itself need to be made tamper proof. There needs to be a security seal or check in place by the manufacturers that lets doctors and other medical professionals know if either product has been tampered with after manufacturing. <\/p>\n

The data is uploaded with Bluetooth, which does provide some protection. Bluetooth provides authentication and encryption of data. Although it is not completely secure, Bluetooth does provide some protection while the data is being uploaded.<\/p>\n

To maintain data integrity there could be policies implemented to potentially limit who can access the information and how they can access it. Perhaps keeping a log of who accesses the data would provide an audit trail in case there is a breach. <\/p>\n

Risks <\/p>\n

There are many opportunities for a malicious attack to affect this product. The chip or patch itself could be intercepted before they are used and tampered with by someone. The patch could be reprogrammed to also send the data to another receptor, or perhaps alter the data send. Since both are in contact with the patient\u2019s body, either could be tampered with or coated with something to possibly cause harm to the patient. <\/p>\n

The data is also vulnerable to a malicious attacker. Bluetooth is not completely secure and there is the possibility of data being intercepted while it is being uploaded to the internet. Having the data stored online not only allows more doctors to access it, but potentially more adversaries as well. <\/p>\n

This technology has the potential to evolve into sensors that can stay in the human body for prolonged periods of time, instead of moving through the digestive system. However, these same risks would still apply. <\/p>\n

Conclusion<\/p>\n

The security issues with Raisin are not new; they are the accumulation of many other security issues involving databases, Bluetooth, and product tampering. Each of these issues must be addressed in order to insure the health of the patient and the effectiveness of the product. Even though Raisin is still in clinical trials, these security issues should not be ignored. This technology provides promise for people with chronic diseases, like diabetes, who need constant monitoring and could facilitate the development of more personalized medication. This potential would be wasted if the patient\u2019s privacy and health were not secured. <\/p>\n","protected":false},"excerpt":{"rendered":"

The California based company Proteus has created an edible computer chip designed to mark a new way of monitoring patient drug intake. The process involves two pieces of technology: a small chip containing sensors and a small patch worn by … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":69,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-446","post","type-post","status-publish","format-standard","hentry","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/69"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=446"}],"version-history":[{"count":4,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/446\/revisions"}],"predecessor-version":[{"id":461,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/446\/revisions\/461"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}