Abstract
The Internet of Things is a cutting-edge technology that organisations are adopting them in order to increase their business productivity and speed the operations. It has been involved for homes, companies, industries and now it is present in healthcare. However, due to lack of standardisation and accelerated competition, providers are deploying devices focused on innovation without having the proper balance between security, performance and ease of use. This is leading to new attacking vectors easing attackers to penetrate systems with confidence and without the need to be an expert in hacking thanks to the variety of open source tools available on the Internet e.g. Kali Linux, Github. The increased number of cyber attacks through IoT devices has complicated the performance of forensic investigators, reaching to Chains of Custody (CoC) easy to challenge by defenders and the rejection of investigation cases. Healthcare organisations has become the most attractive targets for cyber crime due to the variety and value of information allocated on Electronic Health Records (EHR).
This chapter aim to highlight the Biohacking capabilities and presents a Digital Forensic Investigation Process Model (DFIPM) addressing IoMT devices and assuring data privacy during the process.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Beavers J (2019) Hacking pacemakers: a feasibility study. In: IEEE 12th international conference on global security, safety and sustainability (ICGS3)
Beavers J, Pournouri S (2019) Blockchain and clinical trial. Springer. Chapter 11: recent cyber attacks and vulnerabilities in medical devices and healthcare institutions
Belmonte Martin A, Marinos L, Rekleitis E, Spanoudakis G, Petroulakis N (2015) Threat landscape and good practice guide for software defined networks/5G. European Union Agency for Network and Information Security (ENISA), Heraklion
Casey E (2011) Digital evidence and computer crime: forensic science, computers and the internet, 3rd edn. Elsevier Academic Press, New York
Cimpanu C (2018) Hacker might have stolen the healthcare data for half of Norway’s Available at: https://www.bleepingcomputer.com/news/security/hacker-might-have-stolen-the-healthcare-data-for-half-of-norways-population/. Accessed 25 Dec 2019
Code Injection (2013). Retrieved from https://www.owasp.org/index.php/Code_Injection
Denial of Service (2015). Retrieved from https://www.owasp.org/index.php/Denial_of_Service
DiGiacomo J (2018) Data beach statistics for 2018 plus totals from 2017 | Revision Legal %. [online] Revision Legal. Available at: https://revisionlegal.com/data-breach/2018statistics/. Accessed 10 Feb 2019
Fatal flaws in ten pacemakers make for Denial of Life attacks (2016) Retrieved from https://www.theregister.co.uk/2016/12/01/denial_of_life_attacks_on_pacemakers/
Finkle J (2016) J&J warns diabetic patients: insulin pump vulnerable to hacking. Reuters. Retrieved from https://www.reuters.com/article/us-johnson-johnson-cyber-insulin-pumps-e/jj-warns-diabetic-patients-insulin-pump-vulnerable-to-hacking-idUSKCN12411L
Focus on: Pacemakers (n.d.). Retrieved from https://www.bhf.org.uk/heart-matters-magazine/medical/pacemakers
Halperin D, Heydt-Benjamin TS, Ransford B, Clark SS, Defend B, Morgan W, Fu K, Kohno T, Maisel WH (2008) Pacemakers and implantable cardiac defibrillators: software radio attacks and zero-power defenses. IEEE symposium on security and privacy
Ibarra J, Jahankhani H, Kendzierskyj S (2019) Cyber-physical attacks and the value of healthcare data: facing an era of cyber extortion and organised crime. In: Blockchain and clinical trial. Springer, Cham, pp 115–137
IP Location (2016) Where is geolocation of an IP address? Available at: https://www.iplocation.net/. Accessed 30 Aug 2019
Jack B (2017). Retrieved from https://en.wikipedia.org/wiki/Barnaby_Jack
Jamming & Radio Interference: Understanding the impact (n.d.) The institute of engineering and technology. https://doi.org/10.1049/etr.2012.9002
Kent K, Chevalier S, Grance T, Dang H (2006) Guide to integrating forensic techniques into incident response. NIST Spec Publ 10(14):800–886
Khan S (2017) The role of forensics in the internet of things: motivations and requirements. IEEE Internet Initiative eNewsletter
Khatir M, Hejazi M, Sneiders E (2008) Two-dimensional evidence reliability amplification process model for digital forensics. In: Third international annual workshop on digital forensics and incident analysis, pp 21–29
Lam B (2017) NHS cyber attack: views from the front line. Pharm J. Retrieved from https://www.pharmcaceutical-journal.com/opinion/qa/nhs-cyber-attack-views-from-the-front-line/20202794.article
Lone AH, Mir RN (2018) Forensic-chain: ethereum blockchain based digital forensics chain of custody. SPCSJ 1(2):21–27; Scientific Cyber Security Association (SCSA), 2017 ISSN: 2587–4667
Montasari R (2016) The comprehensive digital forensic investigation process model (CDFIPM) for digital forensic practice. PhD thesis, University of Derby
Montasari R (2017a) A standardised data acquisition process model for digital forensic. Int J Inform Comput Secur 9(3):229–249
Montasari R (2017b) Digital evidence: disclosure and admissibility in the United Kingdom Jurisdiction. In: International conference on global security, safety, and sustainability. Springer, Cham, pp 42–52
Morgan L (2018) List of data breaches and cyber attacks in March 2018. [online] IT Governance Blog. Available at: https://www.itgovernance.co.uk/blog/list-of-data-breachesand-cyber-attacks-inmarch-2018/. Accessed 26 Apr 2018
New York Post (2016) Yes, pacemakers can get hacked. Retrieved from http://nypost.com/2016/12/29/yes-pacemakers-can-get-hacked
Nieto A, Roman R, Lopez J (2016) Digital witness: safeguarding digital evidence by using secure architectures in personal devices. IEEE Netw 30(6):34–41
Nomikos N, Nieto A, Makris P, Skoutas DN, Vouyioukas D, Rizomiliotis P, Lopez J, Skianis C (2015) Relay selection for secure 5G green communications. Telecommun Syst 59(1):169–187
O’Connor Y, Rowan W, Lynch L, Heavin C (2017) Privacy by design: informed consent and internet of things for smart health. Proc Comput Sci 113:653–658
Pacemakers (n.d.). Retrieved from https://www.bhf.org.uk/heart-health/treatments/pacemakers
Seals T (2018) Abbott addresses life-threatening flaw in a half-million pacemakers. Retrieved May 19, 2018, from https://threatpost.com/abbott-addresses-life-threatening-flaw-in-a-half-million-pacemakers/131709/
Sommer P (2008) Directors’ and corporate advisors’ guide to digital investigations and evidence. U.K. Information Assurance Advisory Council. Available at: https://www.ucisa.ac.uk/~/media/Files/members/activities/ist/DigitalInvestigationsGuide.ashx. Accessed 30 Aug 2019
Terry N (2017) Existential challenges for healthcare data protection in the United States. Ethics Med Pub Health 3(1):19–27
WhatIsMyIPAddress (2016) How you connect to the world. Available at: http://whatismyipaddress.com/. Accessed 30 Aug 2019
Yuce MR, Islam MN (2016) Review of medical implant communication system (MICS) band and network. ICT Express 2(4):188–194. https://doi.org/10.1016/j.icte.2016.08.010
Zetter K (2015) Medical devices that are vulnerable to life-threatening hacks. Retrieved from https://www.wired.com/2015/11/medical-devices-that-are-vulnerable-to-life-threatening-hacks/
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Ibarra, J., Jahankhani, H., Beavers, J. (2020). Biohacking Capabilities and Threat/Attack Vectors. In: Jahankhani, H., Kendzierskyj, S., Chelvachandran, N., Ibarra, J. (eds) Cyber Defence in the Age of AI, Smart Societies and Augmented Humanity. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-35746-7_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-35746-7_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-35745-0
Online ISBN: 978-3-030-35746-7
eBook Packages: Computer ScienceComputer Science (R0)