SRF301 - Hearing Aid Data Security: User Perceptions and Bluetooth Vulnerability Assessment

Abstract: Bluetooth® wireless connectivity integration into hearing aid systems introduces cyber threat susceptibility. This study assessed the perceptions of audiologists and hearing aid users regarding wireless data security in hearing aids using the Internet Users' Information Privacy Concerns (IUIPC) framework. This study also measured potential identifying information in Bluetooth wireless communication of five hearing aids with simulated patient data during different usage modes via passive interception, or "sniffing," techniques. Findings revealed concerns among both audiologists and users regarding data security. Three of the five tested hearing aids exhibited data vulnerabilities, emphasizing the need for enhanced data security measures in this domain.

Summary:

In the realm of modern technology, medical devices have emerged as prime targets for cyber-attacks. Attackers often exploit these devices to gain access to sensitive patient information, which can be leveraged for more devastating attacks or sold on the dark web, potentially compromising individuals' privacy and security.

The integration of Bluetooth® wireless connectivity into hearing aid systems introduces a susceptibility to diverse cyber threats. This technological advancement has undoubtedly enhanced the convenience and functionality of hearing aids by allowing wireless communication between the hearing aid and smart phones, smart watches, and computers, but it has also introduced potential susceptibility to a range of cyber threats. Consequently, the security risks associated with these devices are a matter of great concern, given their potential impact on the safety and privacy of hearing aid users. Audiologists, as primary healthcare providers responsible for prescribing and dispensing hearing aids, find themselves in a unique position of influence and responsibility. Their knowledge, or lack thereof, about the cybersecurity risks inherent to hearing aids can significantly impact the well-being of their patients.

The primary objective of this research was to assess the perceptions of both hearing aid users and audiologists regarding information security within the realm of hearing aid technologies. To achieve this, a total of 97 audiologists and 41 hearing aid users were surveyed. Participants completed an adapted version of the Internet Users’ Information Privacy Concerns (IUIPC) survey framework to identify their concerns and attitudes towards information security in the context of hearing aids.

In addition to the survey, this study assessed the presence of identifying information within Bluetooth Low Energy (BLE) communication traffic of five different hearing aid models. The data collection process involved passive interception, commonly known as "sniffing," of openly broadcasted data during various hearing aid modes, including pairing, media streaming, and phone calls.

The results of this study unveiled significant concerns expressed by both audiologists and hearing aid users regarding data security in the context of hearing aids. These concerns highlight the pressing need for enhanced information security measures within hearing aid technologies to protect sensitive patient information. Moreover, the technical analysis of the hearing aids revealed crucial insights. Out of the five hearing aids examined, three of them exhibited vulnerabilities by disclosing information. Only one hearing aid model did not utilize the patient's name as the device's programmed name, indicating a slightly higher level of security awareness in its design.

In conclusion, this research sheds light on the evolving landscape of cybersecurity within hearing aid technologies. It underscores the concerns voiced by audiologists and hearing aid users, emphasizing the urgent need for improved data security practices in this domain. While this study has revealed vulnerabilities in some hearing aids, further research is warranted to comprehensively assess the extent of security vulnerabilities and explore potential solutions to mitigate these risks effectively. Safeguarding the privacy and security of hearing aid users must remain a paramount concern as technology continues to play an increasingly integral role in healthcare.