Cybercriminals Can Fake Vital Signs Data from Medical Devices

Attackers can manipulate patients’ vital signs by emulating data sent from medical equipment to central monitoring systems. This was revealed by McAfee researcher Douglas McKee at the Def Con conference.

According to McKee, some patient monitoring devices use weak communication protocols to transmit data to central systems. He claims to have reverse-engineered one such protocol and created a device capable of emulating human vital signs data.

This allowed the expert to send false information to the central monitoring system. In the original version of this attack, physical access to the patient is required—the attacker must replace the monitoring client with their own device.

However, McKee also developed another attack method that does not require disconnecting the monitoring client. In this case, the only requirement is that the attacker is on the same network as the monitoring client.

This method works in real time and exploits vulnerabilities in the Rwhat protocol, which is used in some medical equipment. The protocol uses simple, unencrypted UDP packets that can be easily modified and faked.

The expert provided a video demonstration showing how it is possible to send a signal to the central station indicating a sudden cardiac arrest.