Security Analysis of an IoT System Used for Indoor Localization in Healthcare Facilities
Faculty Advisor Name
Samy El-Tawab
Description
In today's world the rapid advancement of technology allows us to find new solutions to old problems in critical areas, namely patient and staff tracking in healthcare facilities. The medical staff within these facilities are in an environment where they depend on immediately knowing the location of a patient or other medical staff. McAllister et al. [1] proposed a solution named LoCATE (Localization of Health Center Assets Through an IoT Environment) which uses existing technology to track all patients and medical staff in near real time. LoCATE makes use of the current wireless networks (e.g., WiFi) within a healthcare facility by using edge node technology as its tracking solution. It has reached a point of accuracy where an object is within three to five feet of its calculated position, and the ubiquity of WiFi infrastructure in healthcare facilities makes it an attractive option to use as the backbone for a patient and staff tracking system. However, Internet of Things (IoT) devices and edge nodes create security holes in networks and leak data to the open world. This paper aims to analyze what security holes and data leaks LoCATE creates in a healthcare facility. We show the dangers of using simple and default passwords, the need to physically secure edge nodes, and the importance of securing data before transmission. We exploit the system’s weak security measures by forging edge node data, gaining unauthorized access, performing denial of service, and launching other attacks. We analyze the successfulness of these attacks to offer mitigation techniques for future devices located in critical areas, such as healthcare facilities.
Security Analysis of an IoT System Used for Indoor Localization in Healthcare Facilities
In today's world the rapid advancement of technology allows us to find new solutions to old problems in critical areas, namely patient and staff tracking in healthcare facilities. The medical staff within these facilities are in an environment where they depend on immediately knowing the location of a patient or other medical staff. McAllister et al. [1] proposed a solution named LoCATE (Localization of Health Center Assets Through an IoT Environment) which uses existing technology to track all patients and medical staff in near real time. LoCATE makes use of the current wireless networks (e.g., WiFi) within a healthcare facility by using edge node technology as its tracking solution. It has reached a point of accuracy where an object is within three to five feet of its calculated position, and the ubiquity of WiFi infrastructure in healthcare facilities makes it an attractive option to use as the backbone for a patient and staff tracking system. However, Internet of Things (IoT) devices and edge nodes create security holes in networks and leak data to the open world. This paper aims to analyze what security holes and data leaks LoCATE creates in a healthcare facility. We show the dangers of using simple and default passwords, the need to physically secure edge nodes, and the importance of securing data before transmission. We exploit the system’s weak security measures by forging edge node data, gaining unauthorized access, performing denial of service, and launching other attacks. We analyze the successfulness of these attacks to offer mitigation techniques for future devices located in critical areas, such as healthcare facilities.