Synthesizing Pareto-Optimal Signal-Injection Attacks on ICDs

Implantable Cardioverter Defibrillators (ICDs) are medical cyber-physical systems that monitor cardiac activity and administer therapy shocks in response to sensed irregular electrograms (EGMs) to prevent cardiac arrest. Prior work has shown that the analog sensors used in these systems are vulnerable to signal-injection attacks. Such attacks induce morphological changes in EGM measurements that disrupt the normal behavior of the ICD’s control software and cause the device to administer incorrect therapy. Existing work has primarily focused on the feasibility of such attacks and has not examined how they can be systematically devised. In this paper, we introduce InjectICD, a model-based framework for the systematic construction of stealthy signal-injection attacks that can thwart ICD control software. InjectICD solves the problem of synthesizing attack signals as one of multi-objective optimization, thereby allowing it to identify Pareto-optimal signal-injection templates that maximize the probability of attack success while simultaneously applying minimal modifications to the original EGM. We evaluate InjectICD on an ICD algorithm currently implemented in devices from a major ICD manufacturer. We show that InjectICD can construct such attack templates for various heart conditions and under different adversary capabilities, while also demonstrating that our approach generalizes to unseen EGM signals. Our results highlight the urgent need for ICD manufacturers to incorporate defenses against signal-injection attacks.