UW Computer Security Research and Course Blog

Summary
“Smart pillbox could be a lifesaver” that is the title on the recent news in MIT in the world. It is design to be used by elderly people so they can properly take their medication. The purpose will be to enforce the prescribe regimen to prevent drug-resistance disease and to prolong life. It might also prevent the unnecessary loss of life due to a miss of daily regiment.
Elderly people are the main target for this device, because they can be in the situation where they need to take a series of medication, like more than ten drugs. This project consists of two systems, uBox for the patient and uPhone for the health care worker. The uBox will alert the patient for his/her daily regiment by flashing lights and sound a buzzer. In addition, it will also record the time and other data which can be retrieved by the health care workers. The uBox has 14 chambers for the medication, each of which will be filled with prescription drug by the health care workers. On the other hand, the uPhone is to let the health care worker to track patient progress and retrieves the related data from the uBox.
However, smart pillbox is not only developed at MIT, University of Wisconsin-Milwaukee also been trying to develop it. The difference lies on their dispenser unit which can communicate with the medical staff via the web. The purpose of the smart pillbox is the same, which is to ensure adherence in taking medication.

Assets

• Medication or pills. Using the ‘smart’ pillbox, all medication can be safely placed against misuse or accidently double dosage. The medication will be in one location and released at specific time. This will help the elderly in taking their medication.
• Patients’ health. The health of a patient is always an asset. The ‘smart’ pillbox ensures that patient adheres with the daily regiment. In hope, they will get better by taking the medication properly.

Security Goal

• Prevent double dosage of medication. A double dosage can cause various complications in patient’s path towards recovery. It can make disease more drug resistance or maybe putting the patient in danger for adverse reaction of medication.
• Better patient treatment. Patient drug intake will properly control and can be monitored by a health care worker. Therefore, doctors and health care workers can get more accurate data to provide better care.

Potential Adversaries

• Pharmaceutical. Using the ‘smart’ pillbox, a new regulation might be put into effect on which drugs can be put on the box. Pharmaceutical companies might oppose this regulation or have to start altering their manufacturing to follow the trend.
• Competitive/rival companies. Other companies might try to discredit other products in the market to gain more market share.

Threats

• A change in the smart pillbox prescription. The ‘smart’ pillbox needs to updated with new prescription when it is available. It can be done through the internet or with the help of the health care worker. However, improper programming can cause it have an intended behavior.
• Data gathering from the device. The pillbox might contain data pertaining user information or essential data regarding the patient. The data might range from just a prescription to small quantity of user personal information. Regardless, the data needs to be safeguarded properly to reduce the risk of user privacy’s exposure.

Potential Weakness

• Patient information transfer. The health care worker can ‘tap-in’ into the device to retrieve patient information, regarding the medication and its consumption. The information can be retrieved via the web or wireless communication. In either case, the pillbox can be vulnerable to attack.
• Prescription change. If the pillbox prescription is updated via internet or wireless, then there is a potential for a device communication attack. The device needs to be sophisticated enough to identify itself and the prescription it received. An incorrect prescription can cause an adverse effect to the patient.

Potential Defenses

• Use encryption to secure patient information. All patient information stored in the pillbox needs to be encrypted, along the communication between device. The retrieval unit must be in limited quantity and only at the hand of the health care worker.
• Put a barcode reader for the smart pillbox. In order to reprogram the pillbox, it can use the barcode reader. The barcode strip will contain enough information about the medication dispense time and it should be encrypted. Therefore, healthcare worker will simply use the barcode strip to program and re-fill the pillbox.

Risk
Health care worker task might be become alleviated or threaten. Based on the current system, all elderly who needs assistance in taking their medication will require the health care assistance. Furthermore, any successful exploit could bring misfortune to the patient’s health and manufacturer corporate image. Remember, the user of this device will be an elderly people who will rely heavily on it. They will depend on the visual or audio cue that this pillbox sends out. Any mistake in the timing, dispense, and prescription will almost not be noticed by the patient him/herself.

Conclusion
This new invention might change how elderly take their medication. They become more independent and take care of themselves more easily. However, this product is still in testing phase and new revision and breakthrough will emerge in the future. We should wait and see if this device can truly help the elderly. The other solution will be to allow family member to take care of their elderly.

Note:

A similar security review has been posted at <http://cubist.cs.washington.edu/Security/2008/02/10/
security-review-smart-pillboxes-maybe-too-smart/>.