Enhancing Medical Device Security: Exploring the Exploitability and Impact of GUI Vulnerabilities Through a Hacking Tool Experiment

Jan J.K. Küfner, Sabeen Tahir*, Sheikh Tahir Bakhsh, Linda Mohaisen, Samuel Danso

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

In the context of medical device security, the risks associated with graphical user interfaces (GUIs) have not received sufficient attention despite extensive research on vulnerabilities in such devices. To bridge this gap, the proposed technique aims to investigate the exploitability and impact of GUI vulnerabilities in medical equipment. By providing a proof of concept for the exploitability of GUI flaws, this research contributes to the ongoing efforts in securing medical devices, safeguarding patient safety, and protecting personal information. To address the aforementioned research gap, an experiment is conducted. This experiment encompasses the development of a hacking tool utilizing artificial intelligence (AI) to facilitate the evaluation of the effectiveness of cyberattacks. The experiment primarily focused on a simulated medical device, which consisted of an Android tablet running Kotlin software. The results of the experiment demonstrated that the hacking device exhibited inconsistent performance when used to compromise the GUIs of medical devices. While the device had limitations in terms of set-up time, reliability, adaptability, and speed, potential enhancements were identified and recommended for future iterations.

Original languageEnglish
Title of host publicationAI Applications in Cyber Security and Communication Networks - Proceedings of 9th International Conference on Cyber Security, Privacy in Communication Networks ICCS 2023
EditorsChaminda Hewage, Liqaa Nawaf, Nishtha Kesswani
PublisherSpringer Science and Business Media Deutschland GmbH
Pages431-452
Number of pages22
ISBN (Print)9789819739721
DOIs
Publication statusPublished - 18 Sept 2024
Event9th International Conference on Cyber Security, Privacy in Communication Networks, ICCS 2023 - Cardiff, United Kingdom
Duration: 9 Dec 202310 Dec 2023

Publication series

NameLecture Notes in Networks and Systems
Volume1032 LNNS
ISSN (Print)2367-3370
ISSN (Electronic)2367-3389

Conference

Conference9th International Conference on Cyber Security, Privacy in Communication Networks, ICCS 2023
Country/TerritoryUnited Kingdom
CityCardiff
Period9/12/2310/12/23

Keywords

  • Graphical user interfaces (GUIs)
  • Kotlin software
  • Medical device security vulnerabilities
  • Patient safety

Cite this