Pierluigi Paganini April 27, 2015

WattsUpDoc is a platform developed by two researchers for the monitoring of medical devices and detection of potentially “life-threatening malware.”

Two US Hospitals will start using a system that can detect malware infections of medical devices, the technique relies on a probe that monitors the AC power consumption of the units.

The hospitals (name were kept in secret) are the first to test the platform “WattsUpDoc” for the monitoring of medical devices, the probe will check the units searching for potentially “life-threatening malware”.

The researchers Benjamin Ransford and Denis Foo Kune that developed the platform “WattsUpDoc” have invested their time analyzing the undesirable power consumption caused by the presence of malware in an infected computer. The experts have developed a technique that has the accuracy of a desktop anti-virus, but with the substantial difference this without had to change software or hardware.

The inventors introduced for the first time “WattsUpDoc” in 2013 releasing the paper WattsUpDoc: Power Side Channels to Non intrusively Discover Untargeted Malware on Embedded Medical Devices, last week they have presented it at the RSA.

“What you may be able to determine through AC power consumption are things like the computer that is plugged into an outlet, or more interestingly what is that computer doing?… We are thinking about those machines that are really hard to patch, really hard to upgrade, and really hard to get inside.” explained Benjamin Ransford at the RSA. “We turned side-channel analysis on it’s head … traditionally it is used to disclose secrets but in this case we want to spy on malware instead of people.”

Even if the name of the Hospitals can’t be revealed yet, Ransford and Kune said that the Hospitals will be using a beta version of the WattsUpDoc platform during the second quarter of this year.

“We’ve productized our research in two ways; designing a new hardware that puts the technology on a single board, and building a cloud-based machine-learning infrastructure that processes the information flowing in from our hardware and integrates with SIEMs,” they added.

Meaning that they built a machine-learning feed for a system information and event management ( SIEM) systems and upgraded WattsUpDoc hardware.

The results of the experiment conducted with the WattsUpDoc technique are awesome, in previous tests the platform detected between 94% of known malware and 85% of  unknown malware.

I’m very surprised by the data related to the 85% of  unknown malware, this open the use of the WattsUpDoc platform to new scenarios.

The researchers also made a live demonstration at the RSA, where it was show a unique footprint when visiting websites like Yahoo, Twitter, and YouTube,

“This causes changes in the software execution path that echoes back on the power line,”

Let me suggest you to give a look to the slides of the presentation made at the RSA conference.

About the Author Elsio Pinto

Edited by Pierluigi Paganini

(Security Affairs – WattsUpDoc, medical devices)