Researchers uncover security flaw in miniature medical labs

NYU researchers have identified a new material-level security risk in an emerging medical technology known as labs-on-chips, miniature devices that perform multiple laboratory tests on tiny fluid samples like blood droplets.

A team led by NYU Abu Dhabi and the NYU Center for Cybersecurity (CCS) found that in one type of these devices, called flow-based microfluidic biochips (FMBs), the crucial microscopic valves responsible for controlling the fluid flow could be subtly altered at the material level by doping reactive chemicals or stealthily altering the chemical composition during manufacturing. These microvalves are critical for the integrated microfluidic circuitry, as they precisely manipulate fluids for a bio-protocol via deforming under pneumatic pressure.

The researchers found that stealthy tampering can be achieved by introducing harmful chemicals or by altering the associated chemical composition, which significantly changes the energetics of the microvalve deformation. The tampered valves look normal under a microscope but can be triggered to rupture when exposed to deliberate low-frequency pneumatic actuations.

In a study published in Scientific Reports, the researchers named these bad valves "BioTrojans."

"Material-level cyber-physical attacks on biochips remain understudied, posing significant future security risks," said Navajit Singh Baban, a CCS postdoctoral associate and the study's lead author. "In this study, we've shown that by simply changing the ratio of ingredients used to make certain valves, we can create a ticking time bomb within the device. These BioTrojans look identical to normal valves but behave very differently under stress."

The researchers demonstrated that valves made with altered ratios of a common polymer called polydimethylsiloxane (PDMS) could rupture within seconds when subjected to pneumatic actuations. In contrast, properly manufactured valves withstood the same conditions for days without failure.

The implications of such vulnerabilities are significant. Microfluidic biochips are increasingly used in critical applications such as disease diagnosis, DNA analysis, drug discovery, and biomedical research. A compromised valve could lead to contamination, inaccurate test results, or complete device failure, potentially endangering patients or derailing important research.

"This isn't just about a malfunctioning medical device," said Ramesh Karri, the senior author of the study. Karri is a professor and chair of NYU Tandon School of Engineering's Electrical and Computer Engineering Department and a member of CCS, which he co-founded in 2009. "It's about the potential for malicious actors to intentionally sabotage these critical tools in ways that are very difficult to detect."

The research team's proposed solutions include design modifications to make valves more resilient and a novel authentication method using fluorescent dyes to detect tampered components.

"We're entering an age where the line between the digital and biological worlds is blurring," Baban said. "As these miniaturized labs become more prevalent in health care settings, ensuring their security will be crucial to maintaining trust in these potentially life-saving technologies. We hope this work will spur further investigation into the cybersecurity aspects of biomedical devices and lead to more robust safeguards in their design and manufacture."

Provided by NYU Tandon School of Engineering