At the Institute of Data, all our students create a capstone project to highlight the knowledge and talents they’ve gained through their time with us. It’s a perfect opportunity for them to get creative with their new skills, apply them in a business situation, and create something that they can bring with them to future job interviews and employment opportunities, as proof of their strengths and abilities.
Hussein Farhat graduated from our Cyber Security program with an incredibly interesting capstone project about medical device hacking. Read on to find out more!
Tell us about your capstone project.
For my capstone project, I selected the topic of hacking medical devices, especially pacemakers, since I thought it would be a challenging but rewarding topic to study.
Medical device hacking is the process of manipulating medical devices to work in ways that they were not intended. This can be done for various reasons, including to improve the functionality of the device, to bypass security restrictions, or to access confidential data.
There are several ways to hack medical devices, depending on the type of device and the level of access required. In some cases, it may be possible to simply modify the firmware or software on the device. In other cases, more sophisticated methods may be necessary, such as reverse engineering the hardware or using physical tampering techniques.
I first became interested in medical device hacking when, as a student at the Institute of Data (IOD), we first started discussing capstone projects. The students can choose whichever topic they liked, as long as it fulfils certain points.
I felt I had to be like IOD, a visionary, in my project, and not just pick an easy topic to tackle. Furthermore, I was constantly hearing about new vulnerabilities in medical devices, but I didn’t really understand how these devices worked or how they could be manipulated. I decided to do some research and discovered that there was a surprisingly large community of people interested in this topic.
I started reading a lot of material on the topic, attending online conferences and listening to other researchers involved in this field. Furthermore, I quickly realised that there was a lot of potential for using these techniques for good.
For example, I learned about researchers who were using medical device hacking to develop low-cost prosthetics for people in developing countries. People will pay for devices and spend hundreds or thousands on devices which save their lives. Besides that, researchers often have access to these devices because they are very similar in some respects to research tools and so it is easy for them to gain access.
How did you come up with the idea?
I came across a project worth doing called Medical Device Hacking with no instruction manual on how to do it or what to expect, so I had to dive in headfirst.
Where and how did you find the data?
I found the data for this project in a few different places. Primarily, I used the Food and Drug Administration’s Recalls, Market Withdrawals, & Safety Alerts database.
This is a great resource for finding information on medical devices that have been recalled or had some other safety issue. I also used the ClinicalTrials.gov database to find information on clinical trials of medical devices. Finally, I used Google Patents to find patent information on medical devices.
What challenges did you have along the way?
One of the challenges I faced was that most medical devices are not hackable. They either have no exposed interfaces or the interfaces are well-protected. I had to find ways to bypass these protections.
Another challenge was that some of the devices I wanted to hack were expensive and hard to get my hands on. I had to be creative by viewing different sources that are verified information, and not just any information I came across over the net.
Finally, I had to figure out how the device worked before I could start hacking it. This meant reverse engineering its software and hardware by viewing other cyber professionals executing it successfully.
How did you overcome those challenges?
One of the challenges I faced was trying to understand all the different types of devices and how they worked. It was very difficult to keep up with all the new devices that were being released, and I often felt like I was playing catch-up.
Despite all these challenges, I persevered and started eventually to really understand what I was trying to accomplish in a very short time frame, but I had to do a lot of work in the field. Finally, I overcame this challenge by using my strong work ethic and determination to push through the difficult times.
My biggest advice for others is to learn as much as you can because it will get you one step closer to your goal. This knowledge will serve you later down the road when you are faced with a new project or problem that requires technical know-how about a particular device. It also helps you to be able to apply your knowledge in a different area of the security realm.
The bottom line is that you should never stop learning because it will truly help you understand how devices work and how networks are constructed. I encourage others who may be struggling with this challenge to push on because there is always a way around any obstacle when you put your mind to it.
How would you do the project differently if it was within the context of an industry setting for a job?
If I were to do the project again in an industry setting, I would take more time to plan and design the study.
What was the end result?
I’m glad that I was able to share my story with you and I hope it gives you a better understanding of the risks involved with medical devices.
My journey has been an interesting one, and I’m grateful for everything I’ve learned along the way.
Who helped along the way?
Several people helped me along the way. I was supported by my sister-in-law, who was caring for my wife, who unfortunately was diagnosed with stage 3 cancer just after I enrolled in the course.
Although it was extremely difficult, my wife Corrie encouraged me to finish the course despite the unfortunate turn of events. Michell’s support in every way, from taking her to chemotherapy when I couldn’t, to ensuring she ate well and stayed comfortable at her house, was just astounding.
The journey I took to hack medical devices would not have been possible without some very talented people. Their guidance and support have been invaluable to me. It was Luke Elin, my fantastic instructor, who helped me conceptualise this project. He gave me advice on how to approach the problem and how to build a comprehensive solution. I am grateful for Sid’s input throughout my work as well; his guidance was critical.