Hacking to Make Ventilators - ThreatWire
Added 2020-04-21 17:55:50 +0000 UTCThis story was chosen by ThreatWire Patrons in our weekly show poll! Due to the pandemic, many hackers are turning to new techniques to speed up the rate at which hospitals get the protective equipment they need, with others 3D printing parts for ventilators. A security researcher named Trammell Hudson decided to look into popular CPAP machines that are meant to treat sleep apnea to see if they could be used as ventilators. He was successfully able to jailbreak a device called an AirSense 10 to unlock it’s potential to be a bilevel positive airway pressure machine (a BiPAP for short), and possibly as a ventilator.
The company behind these $700 sleep apnea CPAP devices, ResMed, has stated that the AirSense10 would need a major reworking to be able to function as a ventilator. This company also manufactures ventilators, which are much more expensive. Hudson found that the firmware within the AirSense 10 already has ventilator functions as a part of it’s code, so he reverse engineered the device, going to far as to take it apart and turn it into a BiPap machine.
CPAP machines funnel air into a mask, but more advanced BiPap machines funnel air into the mask then reduce pressure to a lower level to allow it back out, hence bilevel. Based on this, a CPAP couldn’t be used as a ventilator because it wouldn’t be able to reduce the pressure to allow to the air to flow both ways. After reverse engineering the AirSense 10, Hudson was able to demonstrate using this machine in a bilevel way with a patch he calls Airbreak. Since the FDA has approved BiPAP machines to be used as ventilators, as long as they are fitted with filters to prevent virus spread, this means his jailbreak could put even more devices into hospitals to combat the virus. Researchers hope that by showing how Airbreak successfully worked, that ResMed would release their own firmware for the devices to quickly and efficiently be used as ventilators.
ResMed could do this by using the code available through AirBreak and releasing it as an update over the air to their devices already in the field, instead of waiting for more ventilators to be manufactured, or in parallel with the manufacturing. Unfortunately though, ResMed states that their AirSense 10 devices would still require significant reworking to be used for bilevel therapy, and while their “exploring the option” of working with researchers, their main focus is production of ventilators and masks.
Since these devices are being used to save lives, the researchers do not recommend that hospitals try to jailbreak their own devices. The jailbreak itself is not FDA approved and the devices would need filters and remote control capabilities to be effective.
Jailbreaking medical devices to help with shortage of ventilators:
https://www.fda.gov/media/136702/download
https://www.wired.com/story/a-vital-hack-could-turn-medical-devices-into-ventilators/
Support me on alternative platforms! https://snubsie.com/support
Shop ThreatWire Merch! - https://snubsie.com/shop
https://www.youtube.com/shannonmorse -- subscribe to my tech channel!
ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire
