In June the Food and Drug Administration issued a warning about the increasing risks of cyber attacks on medical devices and hospital networks. The FDA listed hospital computers, smartphones and tablets, and implanted patient devices as potential targets, indicating that malware—software designed to disrupt operations or gather sensitive information—could affect not only devices attached to hospitals’ internal networks but also implanted life-saving or -sustaining devices that can be programmed via the Internet.
Stopping such attacks can be difficult, in part because medical devices run proprietary or custom software that may not be protected by off-the-shelf consumer security software. But now a group of researchers believes there might be a backdoor solution, based on the fact that malware subtly changes power consumption. A collaborative research team from one Chinese and four American universities has developed a prototype system called WattsUpDoc. By monitoring the amount of electricity a device consumes, the system can determine—with 89% to 94% accuracy—whether the device has been infected with malware. Malware intrusions, which are essentially added software, usually increase the workload on a device’s hardware, which in turn requires increased power consumption.
The FDA reports that despite the potential dangers of malware, no injuries have been reported. After further testing, WattsUpDoc could help keep that safety record intact.