New technology developed by researchers collaborating from several universities can detect malware on medical devices by noting their power usage, as outlined in research that will be presented at the USENIX Workshop on Health Information Technologies in Washington, D.C., next week.
The technology, a tool called WattsUpDoc, gives hospitals an easy way to spot dangerous equipment and take it offline.
"Strict validation requirements make it prohibitively difficult or costly to use anti-virus software or automated operating system updates on these systems" the study's authors explain. "Our add-on monitoring system, WattsUpDoc, uses a traditionally undesirable side channel of power consumption to enable run-time malware detection."
The tool relies on the "side channel of systemwide power consumption, which leaks information about the system's computing activity without requiring any hardware or software modifications," Shane Clark, co-author of the study from the University of Massachusetts Amherst, writes in a recent blog post. "WattsUpDoc uses machine-learning techniques to match patterns of power consumption."
In experiments conducted, WattsUpDoc detected previously known malware with at least 94 percent accuracy--and previously unknown malware with at least 85 percent accuracy--on several embedded devices.
The prevalence of malware on hospital equipment is a big concern for hospitals. For instance, two anonymous provider CIOs recently expressed dismay to the Wall Street Journal for what they perceived to be subpar security efforts by their vendors in the fight security threats.