Securing BLE for Medical Devices

Most of the devices we see at Promenade now involve a commercial tablet connected to the medical device. It makes perfect sense from a usability/human-factors standpoint: users are already familiar with the tablet and the user experience is good. But using a commercial off-the-shelf mobile unit with wireless communications brings security challenges. The FDA now scrutinizes submissions for adherence to its pre-market cybersecurity guidance, and a new guidance (currently in draft form) is coming soon. We have had several clients come to us for help with their submission specifically because it was rejected on account of cybersecurity.

When a medical device is controlled over BLE, a Man-in-the-Middle (MITM) attack is a primary concern: a third device in the vicinity inserts itself between the tablet and the medical device, emulates each to the other, and can then control the device without the user knowing. The FDA previously recalled a Medtronic insulin pump for fear that an attacker nearby could maliciously change the insulin dosage. Implantable cardiac devices and telemetry systems have had similar recalls and warnings.

But most of the security problems behind the recalls we are seeing are easily avoidable with modern BLE modules. First, use a chip that supports Bluetooth 4.2 or later. Before 4.2, BLE pairing (now called LE Legacy Pairing) derived the link key from a temporary key that is either zero (Just Works) or a six-digit passkey, so an attacker who sniffs the pairing exchange can brute-force the key offline. Bluetooth 4.2 added LE Secure Connections, which uses Elliptic Curve Diffie-Hellman (ECDH) on the FIPS-approved NIST P-256 curve for key exchange; a passive sniffer cannot recover the resulting key. Link-layer traffic is encrypted with AES-CCM, as it already was in 4.0 and 4.1; combined with an authenticated pairing method (passkey entry, numeric comparison, or out-of-band data), this protects against both eavesdropping and MITM attacks.

Just because the BLE chip supports Bluetooth 4.2 doesn't mean you have enabled its security features; you need to verify what the link actually negotiated. Pairing has several association models. The weakest, "Just Works", still encrypts the link, but it does not authenticate the peer, so a MITM can simply pair with each side separately and the encryption buys you nothing. You may think an authenticated model is in use, but a configuration error drops the pairing to Just Works: the model is selected from what both sides put in their pairing request and response, so firmware that declares its IO capability as NoInputNoOutput, or a side that leaves the MITM or Secure Connections bit clear, silently downgrades the link no matter what the tablet asked for. After pairing, check the security level the host stack reports (authenticated, LE Secure Connections) and refuse to operate the device over anything less.
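The downgrade above can be predicted from the two pairing PDUs before any traffic flows. The following Python is an added example for this post, not code from the original article or from Promenade Software; it implements the key-generation-method selection of the Bluetooth Core Specification (Vol 3, Part H, 2.3.5.1): out-of-band flags first, then the MITM flags, then the IO-capability mapping table. The tablet and device configurations at the bottom are constructed for illustration, and the function and class names are this example's own.

```python
"""Predict which BLE association model a pairing will actually use.

Added example, not code from the original post or from Promenade Software.
Applies the key-generation-method selection of the Bluetooth Core Spec
(Vol 3, Part H, 2.3.5.1). Scenarios at the bottom are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class IOCap(Enum):
    """IO Capability field of the SMP Pairing Request / Pairing Response."""
    DISPLAY_ONLY = "DisplayOnly"
    DISPLAY_YES_NO = "DisplayYesNo"
    KEYBOARD_ONLY = "KeyboardOnly"
    NO_INPUT_NO_OUTPUT = "NoInputNoOutput"
    KEYBOARD_DISPLAY = "KeyboardDisplay"


@dataclass(frozen=True)
class PairingFeatures:
    """The fields of one side's pairing PDU that decide the association model."""
    io_cap: IOCap
    oob_data_present: bool = False
    mitm: bool = False                 # AuthReq MITM bit
    secure_connections: bool = False   # AuthReq SC bit


@dataclass(frozen=True)
class PairingOutcome:
    model: str                  # "OOB", "Just Works", "Passkey Entry", "Numeric Comparison"
    authenticated: bool         # True only for MITM-protected models
    secure_connections: bool    # True = LE Secure Connections (ECDH P-256), False = LE Legacy


def _io_capability_model(init: IOCap, resp: IOCap, sc: bool) -> str:
    """Collapsed form of the IO-capability mapping table (Core Spec Table 2.8).

    Passkey direction (who types, who displays) is not tracked; only the
    resulting model matters for the security check.
    """
    if IOCap.NO_INPUT_NO_OUTPUT in (init, resp):
        return "Just Works"                 # one side can neither confirm nor type
    yes_no = {IOCap.DISPLAY_YES_NO, IOCap.KEYBOARD_DISPLAY}
    if sc and init in yes_no and resp in yes_no:
        return "Numeric Comparison"         # LE SC only; legacy pairing has no such model
    keyboard = {IOCap.KEYBOARD_ONLY, IOCap.KEYBOARD_DISPLAY}
    if init in keyboard or resp in keyboard:
        return "Passkey Entry"              # one side types what the other shows
    return "Just Works"                     # e.g. DisplayOnly vs DisplayOnly / DisplayYesNo


def select_model(initiator: PairingFeatures, responder: PairingFeatures) -> PairingOutcome:
    """Return the association model the two pairing PDUs select."""
    sc = initiator.secure_connections and responder.secure_connections
    # OOB: LE SC needs OOB data on at least one side; legacy pairing needs it on both.
    oob = ((initiator.oob_data_present or responder.oob_data_present) if sc
           else (initiator.oob_data_present and responder.oob_data_present))
    if oob:
        return PairingOutcome("OOB", True, sc)
    # If neither side asks for MITM protection, IO capabilities are ignored.
    if not (initiator.mitm or responder.mitm):
        return PairingOutcome("Just Works", False, sc)
    model = _io_capability_model(initiator.io_cap, responder.io_cap, sc)
    return PairingOutcome(model, model != "Just Works", sc)


def audit_pairing(initiator: PairingFeatures, responder: PairingFeatures) -> list[str]:
    """Findings a reviewer would raise; an empty list means authenticated LE SC."""
    outcome = select_model(initiator, responder)
    findings = []
    if not outcome.secure_connections:
        findings.append("LE Legacy Pairing: SC bit clear on at least one side; "
                        "a passive sniffer can brute-force the session key")
    if not outcome.authenticated:
        findings.append(f"{outcome.model}: link is encrypted but the peer is not "
                        "authenticated, so a MITM can pair with each side")
    return findings


if __name__ == "__main__":
    # Constructed scenarios (not from the post); the tablet is the initiator.
    tablet = PairingFeatures(IOCap.KEYBOARD_DISPLAY, mitm=True, secure_connections=True)
    # 1. Firmware never declared its small display: silently Just Works.
    nio_device = PairingFeatures(IOCap.NO_INPUT_NO_OUTPUT, mitm=True, secure_connections=True)
    # 2. Device stack left the SC bit clear: passkey entry, but legacy key derivation.
    legacy_device = PairingFeatures(IOCap.DISPLAY_ONLY, mitm=True)
    # 3. Corrected: device shows a passkey, asks for MITM protection and LE SC.
    good_device = PairingFeatures(IOCap.DISPLAY_ONLY, mitm=True, secure_connections=True)
    for name, dev in [("NoInputNoOutput", nio_device), ("legacy", legacy_device), ("fixed", good_device)]:
        print(name, select_model(tablet, dev), audit_pairing(tablet, dev) or "OK")
```

Run it once for every IO-capability and AuthReq combination your firmware can emit, then compare the predicted model with the security level the host stack reports after a real pairing; the two must agree, and anything short of authenticated LE Secure Connections should disconnect before any control characteristic is written.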

So there is no reason to avoid a commercial tablet as the user interface. Making devices more user-friendly is a positive, for both safety and marketability. But do your risk analysis and make sure you secure the communication.

Frances Cohen

Frances Cohen is President of Promenade Software Inc., a leading software services firm specializing in medical device and safety-critical system software. Frances has more than 20 years of experience leading software teams for medical device software. Starting with heart defibrillators for Cardiac Science and following with Source Scientific LLC and BIT Analytical Instruments Inc., Frances has overseen dozens of projects through development and the FDA, including IDEs, 510(k)s, and PMAs.  

Frances has a B.S. in computer engineering from the Technion, Israel Institute of Technology.


Promenade Software, Inc. specializes in software development for medical devices and other safety-critical applications.
Promenade is ISO 13485 certified, and CypherMed Cloud is SOC 2 Type II certified.