Beware the BioTrojans

The global market for tiny biomedical devices known as labs-on chips is growing exponentially. Estimates of the market's 2024 value range from $12 billion to $13 billion, with projections to hit $30 billion by 2030.

With this rapid growth drawing money and attention, there is a growing sense of urgency to address identified potential security risks, according to a research team from NYU Abu Dhabi and the NYU Center for Cybersecurity. Vulnerabilities in biochips can leave them subject to “attacks on material level, on physical level or at cyber security level,” said Navajit Singh Baban, a postdoctoral associate at NYU Abu Dhabi’s Division of Engineering, and lead author of research on “BioTrojans” recently published in Scientific Reports. The latest paper is a follow up of research published earlier in Lab on a Chip, which was a collaboration with a team from Arizona State University.  

“We call it biochips, but they use the principle of microfluidics,” said Baban, adding they are “like computer chips, which uses current and transistor and wires but used for biological computation.” Though biochips have been around for decades, their use became prevalent during COVID. They are often used in point-of-care diagnostics such as fluid or PCR testing, or by those in laboratories working on modern vaccine development.  

There are several companies “who have made a fortune” out of microfluidic technology, said Baban. A lot of money often creates risk scenarios, such as an intentional “denial of service” by bad actors intent on sabotage. Additional risk may come from intellectual property theft or the creation of counterfeit chips, he added.  

Biomedical Devices: Wearable Patch Reads Muscle Activity Remotely

Flow-based microfluidic biochips, or FMBs, control fluid flow within microchannels and micro-reaction chambers using microvalves and pumps. 

“They are very advanced, sophisticated chips, but they use fluid flow pressure difference, let's say pneumatic, and elastomeric polymeric materials to control or manifest fluid,” Baban said. The material often used in FMBs is “this super cool polymer known as PDMS, polydimethylsiloxane,” he explained. PDMS is liquid in its original state and can be heated into a solid. It’s also transparent.  

“Because of the vulnerability associated with polymers and plastics, because they are made from different techniques like liquid to solid conversion, we have lots of vulnerabilities,” Baban said.  

“During the liquid phase one can add bad chemicals,” he continued, explaining that can cause defects in the transformed solidified material which may be difficult to detect during quality control. The team proved these material-level risk concepts in their initial paper, showing how altering the chemical composition can significantly change the energetics of the microvalves. Those impacted valves look identical to normal valves but can rupture or break under stress.  

Discover the Benefits of ASME Membership

“It's a super stealthy attack and people are unaware of it,” he said. This can lead to false diagnostic results and can cause havoc within healthcare. “We call it BioTrojans,” Baban said.  

Baban and his team believe it’s well past time to develop a simple authentication technique to prevent the use of BioTrojans. He noted that in addition to material level risks in manufacturing, the biochips are delivered through a complicated supply chain. Customers should be able to verify the authenticity of the product upon receipt, he said, adding that value is comparable or even worth more than the amount of time and investment invested in virus protection for computers.  

For one of the potential solutions, the transparency of PDMS becomes more valuable. A watermark is a simple way to verify authenticity and can be added using organic dyes well suited for PDMS, which can then be authenticated by a spectrometer. 

“We can literally put those dyes inside this material so that it becomes fluorescent under UV light,” Baban said.  

The team also explored the use of machine learning for verification. Mechanical force information can be gathered using a load cell, Baban explained.  

“There's a load cell setup and we have this poking mechanism,” he said, noting that the load response can be authenticated by matching it to a machine learning based database created during manufacturing or quality control phases.  

More for You: Safeguarding Devices—Not Just Data—From Cyberattack

Some of the researchers' latest work is focusing on the development of an image-based watermark that can be easily confirmed over common devices such as mobile phones. This allows the customer or end user to confirm whether a device is authentic or not. 

The market is currently not seeing much demand for authentication and while some of that is due to unawareness, the addition of a verification process “will certainly increase the cost of that particular chip,” Baban noted. But that cost likely pales in comparison to the costs of biochip failure or outright sabotage. “This is for human health, so this is critical,” he said, adding in addition to healthcare, biochips are used in programs established by the U.S. Department of Defense.  

“That's why we are trying to come up with active countermeasures that we can be monitoring and tracking at every level,” Baban said.  

Nancy Kristof is a technology writer in Denver.