Harbor Labs was engaged by an industry-leading manufacturer of automated external defibrillators (AEDs) to help resolve a security issue that was impeding both regulatory approvals and corporate business objectives.
The AED in question was the subject of an academic research paper, published several years prior, that analyzed the manufacturer’s deployment model and the methods used to update device firmware post-market. The authors of this paper highlighted several security flaws in the manufacturer’s model that would have made it susceptible to eavesdropping and a man-in-the-middle attack.
When brought to the attention of FDA regulators, the CDRH/Office of Device Evaluation deemed the reported vulnerabilities severe enough to warrant a hold letter. At the time the hold was issued, the client had nearly 500,000 devices in market, restricting their ability to update their fielded systems or to sell and deploy new units. Despite several attempts by the client to redesign the patch model to meet FDA approval, the lead FDA examiner continued to identify vulnerabilities in their designs that disqualified them.
At this point, Harbor Labs was brought in to assess the client’s patch model and to assist in the Q-Submission process. Harbor Labs engineers reviewed the client’s cloud distribution network, key generation and management processes, and signing policies, and compared them against common FDA regulatory criteria.
After identifying the flaws in the system, Harbor Labs redesigned the client's architecture and processes, and provided engineering consulting to assist in its implementation. The final architecture featured a secure signing PC with a read-only disk image connected to a pre-provisioned HSM for local digital signing of the firmware. SAML-based authentication was integrated with the client's Microsoft Active Directory to control access for authorized firmware uploads. A cloud-based AWS distribution network with a serverless architecture implementing a RESTful API was used to apply an outer digital signature to the firmware package and distribute the update to authenticated, authorized AEDs. Harbor Labs developed a Python module that exposed a class-based interface for integrating the RESTful API into the client's tooling and internal software. After implementing this design, Harbor Labs performed functional testing and wrote user documentation before handover to the client.
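The two-layer signing model described above (an inner manufacturer signature made on the signing PC, an outer distribution signature added in the cloud, both checked by the device), as an added illustration that is not Harbor Labs' or the client's code. It assumes Ed25519 key pairs generated in memory as stand-ins for the HSM key and the cloud distribution key, and a package layout constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Package is a constructed two-layer firmware envelope (not the client's actual format).
type Package struct {
	Image    []byte
	InnerSig []byte // manufacturer signature, produced offline by the HSM on the signing PC
	OuterSig []byte // distribution signature, applied by the cloud service before delivery
}

// outerMessage is what the cloud signs: image || inner signature, so the outer layer
// also binds the manufacturer's signature to the package.
func outerMessage(p *Package) []byte {
	return append(append([]byte{}, p.Image...), p.InnerSig...)
}

// SignInner runs on the signing PC: the HSM key signs the raw image.
func SignInner(mfgKey ed25519.PrivateKey, image []byte) *Package {
	return &Package{Image: image, InnerSig: ed25519.Sign(mfgKey, image)}
}

// SignOuter runs in the cloud distribution service after an authorized upload.
func SignOuter(distKey ed25519.PrivateKey, p *Package) {
	p.OuterSig = ed25519.Sign(distKey, outerMessage(p))
}

// Verify is the device-side check: the outer layer proves the package came through the
// distribution path, the inner layer proves the manufacturer signed the image. Both must pass.
func Verify(mfgPub, distPub ed25519.PublicKey, p *Package) error {
	if !ed25519.Verify(distPub, outerMessage(p), p.OuterSig) {
		return errors.New("outer (distribution) signature invalid")
	}
	if !ed25519.Verify(mfgPub, p.Image, p.InnerSig) {
		return errors.New("inner (manufacturer) signature invalid")
	}
	return nil
}

func main() {
	mfgPub, mfgKey, _ := ed25519.GenerateKey(rand.Reader) // in-memory stand-in for the HSM key
	distPub, distKey, _ := ed25519.GenerateKey(rand.Reader)
	p := SignInner(mfgKey, []byte("constructed firmware image"))
	SignOuter(distKey, p)
	fmt.Println("device verify:", Verify(mfgPub, distPub, p)) // prints "device verify: <nil>"
}
```

A package that carries only the cloud's outer signature, or whose image was altered after signing, fails verification on the device.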
The Harbor Labs design was submitted to the FDA via a Q-Submission. With every disqualifying characteristic of the client system now remediated and verified by Harbor Labs, the client was approved to resume commercial sales.