News Feature | May 28, 2015

Hospitals Leverage AC Power Probes To Detect Malware

By Christine Kern, contributing writer

Hospitals can use WattsUpDoc to detect whether or not malware has been introduced into networks.

The recent Premera Blue Cross cyberattack, which impacted as many as 11 million customers, might have been predicted after an audit revealed existing vulnerabilities in the healthcare system’s security protocols. According to Fierce Health IT, Premera had received the results of an audit warning of numerous security issues, including the presence of malware, three weeks before it was breached.

Now, according to The Register, a malware detection system called WattsUpDoc measures the flow of power and electricity to determine whether or not malware has been introduced into a network, and two major unnamed hospitals are involved in a trial of the system for detecting malware on medical devices. The platform is said to detect malware with the accuracy of desktop security solutions, but – crucially – does not require the modification of system hardware or software.

WattsUpDoc was developed by researchers Benjamin Ransford and Denis Foo Kune, who first unveiled the platform in a 2013 paper, WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices. The duo has since formed the commercial outfit Virta Labs and made their presentation slides from the RSA Conference available online.

“What you may be able to determine through AC power consumption are things like the computer that is plugged into an outlet, or more interestingly what is that computer doing? We are thinking about those machines that are really hard to patch, really hard to upgrade, and really hard to get inside,” explained Ransford at the RSA Conference, according to We Live Security. “We turned side-channel analysis on its head. Traditionally it is used to disclose secrets but in this case we want to spy on malware instead of people.”

As noted by Security Affairs, tests of WattsUpDoc found the platform detected at least 94 percent of known malware and 85 percent of unknown malware, roughly the same as PC-based security solutions. However, the challenges of monitoring malware over AC can include the varied power consumption of modern computers and difficulties associated with the monitoring of multiple machines through a centralized system.

WattsUpDoc works by listening to the power outlets of these connected medical devices and looking for anomalies in power flow. “Flash memory actually draws power differently when it’s starting to become run down,” Kevin Fu, one of the professors behind WattsUpDoc who also performs medical device research at the University of Michigan, told Business Insider.

The duo told The Register they have built a machine-learning feed for security information and event management (SIEM) systems and upgraded WattsUpDoc hardware. “We've productized our research in two ways; designing a new hardware that puts the technology on a single board, and building a cloud-based machine-learning infrastructure that processes the information flowing in from our hardware and integrates with SIEMs,” Ransford says. Looking at malware from this angle could also change how other security professionals approach their work. “We’re trying to change the way people think about anomalies,” said Fu.