Synthesizing Pareto-Optimal Signal-Injection Attacks on ICDs

Implantable Cardioverter Defibrillators (ICDs) are medical cyber-physical systems that monitor cardiac activity and administer therapy shocks in response to sensed irregular electrograms (EGMs) to prevent cardiac arrest. Prior work has shown that the analog sensors used in these systems are vulnerable to signal-injection attacks. Such attacks induce morphological changes in EGM measurements that disrupt the normal behavior of the ICD's control software and cause the device to administer incorrect therapy. Existing work has primarily focused on the feasibility of such attacks and has not examined how they can be systematically devised. In this paper, we introduce InjectICD, a model-based framework for the systematic construction of stealthy signal-injection attacks that can thwart ICD control software. InjectICD solves the problem of synthesizing attack signals as one of multi-objective optimization, thereby allowing it to identify Pareto-optimal signal-injection templates that maximize the probability of attack success while simultaneously applying minimal modifications to the original EGM. We evaluate InjectICD on an ICD algorithm currently implemented in devices from a major ICD manufacturer. We show that InjectICD can construct such attack templates for various heart conditions and under different adversary capabilities, while also demonstrating that our approach generalizes to unseen EGM signals. Our results highlight the urgent need for ICD manufacturers to incorporate defenses against signal-injection attacks.

Automated summary

Implantable Cardioverter Defibrillators (ICDs) are vulnerable to signal-injection attacks, which induce morphological changes in measured electrograms (EGMs) and disrupt the normal behavior of the ICD control software. This paper introduces InjectICD, a model-based framework that systematically constructs stealthy attack templates for ICDs by synthesizing attack signals as multi-objective optimizations. The evaluation shows that InjectICD can construct attack templates for various heart conditions and adversary capabilities, highlighting the need for ICD manufacturers to incorporate defenses against signal-injection attacks.