No longer the stuff of science fiction, personalized medical devices, ranging from hearing aids to surgical instruments, are already being created using 3D printing, with more advanced products like customized artificial organs on the horizon. Though these advances promise benefits to patients worldwide, they also open new pathways for cybercriminals to exploit.
Ning Zhang, assistant professor of computer science & engineering in the McKelvey School of Engineering at Washington University in St. Louis, and his team are working to get ahead of potential cyberattacks with XCheck, a tool they developed to detect hidden defects in 3D printed patient-specific devices. This work was presented Aug. 10 at the USENIX Security Symposium in Anaheim, California.
“The future is personalized medicine, and the consequences of attack are potentially very big,” Zhang said. “This technology is in its infancy, so we aren’t seeing a lot of attacks yet, but it’s good to think about how to defend against them in advance before harm to real patients occurs.”
The process to manufacture patient-specific devices often requires medical professionals to send designs to specialized printing facilities, which fabricate the device. Similar to ransomware attacks where cybercriminals hold information hostage until payment is made, bad actors could tamper with the designs or printing process to introduce malicious defects that only they know how to address.
XCheck is unique in that it protects against such attacks by evaluating the final product via CT scan, rather than trying to secure every stage of the manufacturing process, which could be a complex and costly – if not outright impossible – endeavor.
“XCheck automatically compares the CT scans of a printed device to its original design to detect deviations that might be invisible to medical practitioners,” explained Zhiyuan Yu, the lead author of the paper and a graduate student in Zhang’s lab. “The CT scan can reveal surface discrepancies, but, more importantly, it also lets us see hidden flaws.”
XCheck measures the volume of the device to make sure there aren’t any internal defects, like hollowed-out portions that shouldn’t be there. It can also use data provided by the CT scan to verify the correct material has been used to fabricate the device.
Because XCheck uses existing equipment and will be made widely available by Zhang’s team, Zhang would like to see the tool employed widely in medicine and in other applications as a general tool for quality assurance in a future he says will be increasingly cyberphysical.
“Moving forward, humans are going to be depending on computing more to live longer, healthier lives. As our dependency on this technology becomes greater, security considerations become more important,” Zhang said. “XCheck is a practical tool for technicians or physicians to explore potential defects in manufactured devices. It can’t make the final decision about whether something is safe for a patient, but it does provide expert users with critical information and visualization to make that determination.”
Yu Z, Chang Y, Zhai S, Deily N, Ju T, Wang XF, Jammalamadaka U, Zhang N. XCheck: Verifying integrity of 3D printed patient-specific devices via computing tomography. USENIX Security Symposium, Aug. 9-11, 2023. https://www.usenix.org/conference/usenixsecurity23/presentation/yu-zhiyuan-xcheck
This work is supported by the National Science Foundation (CNS-1916926, CNS-2038995, CNS-2154930 and CNS-2238635) and by the Army Research Office (W911NF-20-1-0141).