NYU Tandon researchers uncover security flaw in miniature medical labs
This image shows how the FMB manufacturing process flows from customer order through design and manufacturing to quality control and delivery. At the manufacturing stage, attackers (including disgruntled employees, industrial saboteurs, third-party insiders, or opportunists) with access to materials could compromise FMBs through chemical tampering methods like altered curing ratios, harmful chemical doping, or deliberate material degradation.
NYU researchers have identified a new material-level security risk in an emerging medical technology known as labs-on-chips, miniature devices that perform multiple laboratory tests on tiny fluid samples like blood droplets.
A team led by NYU Abu Dhabi and the NYU Center for Cybersecurity (CCS) found that in one type of these devices, called flow-based microfluidic biochips (FMBs), the crucial microscopic valves responsible for controlling the fluid flow could be subtly altered at the material level by doping reactive chemicals or stealthily altering the chemical composition during manufacturing. These microvalves are critical for the integrated microfluidic circuitry, as they precisely manipulate fluids for a bio-protocol via deforming under pneumatic pressure.
The researchers found that stealthy tampering can be achieved by introducing harmful chemicals or by altering the associated chemical composition, which significantly changes the energetics of the microvalve deformation. The tampered valves look normal under a microscope but can be triggered to rupture when exposed to deliberate low-frequency pneumatic actuations.
In a study published in Scientific Reports, the researchers name these bad valves "BioTrojans.”
"Material-level cyber-physical attacks on biochips remain understudied, posing significant future security risks,” said Navajit Singh Baban, a CCS postdoctoral associate and the study's lead author. “In this study, we've shown that by simply changing the ratio of ingredients used to make certain valves, we can create a ticking time bomb within the device. These BioTrojans look identical to normal valves but behave very differently under stress."
The researchers demonstrated that valves made with altered ratios of a common polymer called polydimethylsiloxane (PDMS) could rupture within seconds when subjected to pneumatic actuations. In contrast, properly manufactured valves withstood the same conditions for days without failure.
The implications of such vulnerabilities are significant. Microfluidic biochips are increasingly used in critical applications such as disease diagnosis, DNA analysis, drug discovery, and biomedical research. A compromised valve could lead to contamination, inaccurate test results, or complete device failure, potentially endangering patients or derailing important research.
"This isn't just about a malfunctioning medical device," said Ramesh Karri, the senior author of the study. Karri is a professor and chair of NYU Tandon School of Engineering’s Electrical and Computer Engineering Department and a member of CCS, which he co-founded in 2009. "It's about the potential for malicious actors to intentionally sabotage these critical tools in ways that are very difficult to detect.”
The research team’s proposed solutions include design modifications to make valves more resilient and a novel authentication method using fluorescent dyes to detect tampered components.
"We're entering an age where the line between the digital and biological worlds is blurring," Baban said. "As these miniaturized labs become more prevalent in healthcare settings, ensuring their security will be crucial to maintaining trust in these potentially life-saving technologies. We hope this work will spur further investigation into the cybersecurity aspects of biomedical devices and lead to more robust safeguards in their design and manufacture.”
In addition to Baban and Karri, the paper's authors are Jiarui Zhou, Kamil Elkhoury, Yong-Ak Song and Sanjairaj Vijayavenkataraman, all from the Division of Engineering at NYU Abu Dhabi; Nikhil Gupta, professor in NYU Tandon’s Department of Mechanical and Aerospace Engineering and member of CCS; Sukanta Bhattacharjee from the Department of Computer Science and Engineering at Indian Institute of Technology Guwahati; and Krishnendu Chakrabarty from the School of Electrical, Computer and Energy Engineering at Arizona State University.
Baban, N.S., Zhou, J., Elkhoury, K. et al. BioTrojans: viscoelastic microvalve-based attacks in flow-based microfluidic biochips and their countermeasures. Sci Rep 14, 19806 (2024). https://doi.org/10.1038/s41598-024-70703-0
