Harbor Labs partnered with a major manufacturer of MRI drug infusion pumps to resolve a set of disqualifying issues that arose during the manufacturer's initial FDA submission. Infusion pumps used to administer drugs to patients undergoing an MRI must be shielded in order to operate in the high magnetic field of the scanner. This manufacturer's innovative approach was to employ a wireless controller that communicates with the pump over a proprietary 2.4 GHz radio protocol designed to protect the connection from the effects of the magnetic field. However, when the device was submitted to the FDA for 510(k) clearance, the application was rejected for insufficient evidence that the radio interface was secure, specifically that its traffic could not be sniffed or hijacked by an attacker.
Working directly with the manufacturer's hardware, Harbor Labs tore down the devices comprising the system, analyzed the cryptography in the firmware, and reverse engineered the radio protocol. Harbor Labs then produced documentation detailing how the manufacturer had in fact appropriately secured the infusion pump communication. This involved reproducing the build system the manufacturer used to produce its signed firmware images, then flashing custom firmware builds with debugging enabled in order to dynamically analyze radio messages as they were sent and received. Harbor Labs was able to view the entire exchange of data between the controller and the pump: first the "handshake" in which the two devices authenticate the connection, which is transmitted in the clear, and then the subsequent encrypted transfer of pump instructions.
Harbor Labs also performed a deep source code audit of the manufacturer's firmware, focusing on its implementation of cryptographic functions. Several issues were identified during this audit, and Harbor Labs worked with the manufacturer to modify the source to strengthen the security of the radio communication. Finally, Harbor Labs produced detailed documentation and diagrams describing the manufacturer's system and its encryption and decryption processes, so that these complex processes could be clearly communicated to the FDA reviewer.