Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Ever Thought About Someone Hacking Your Pacemaker?

September 25, 2013

Apparently lots of medical implants can be hacked. This was a new and disturbing thought to me, but I'm fairly safe with only an artificial knee. However, according to a recent article, pacemakers, insulin pumps, defibrillators and other implantable medical devices which have wireless capabilities allowing emergency workers to monitor patients can be hacked.

Apparently, there is some hope on the horizon – researchers at Rice University have come up with a secure way to dramatically cut the risk that an implanted medical device (IMD) could be altered remotely without authorization.

Their technology would use the patient’s own heartbeat as a kind of password that could only be accessed through touch. Understandably, IMDs usually lack the kind of password security found on a home Wi-Fi router because emergency medical technicians often need quick access to the information the devices store to save a life – but that leaves them open to attack.

Besides a simple violation of privacy, someone could give you a shock, make an insulin pump inject insulin or update the software of your pacemaker – perhaps not in a good way. But the solution the researchers have come up with requires anyone who wants to read an IMD to touch you.

As the article notes, the system would require software in the IMD to talk to the “touch” device, called the programmer. When a medical technician touches the patient, the programmer would pick up an electrocardiogram (EKG) signature from the beating heart. The internal and external devices would compare minute details of the EKG and execute a “handshake.” If signals gathered by both at the same instant match, they become the password that grants the external device access. Because the signal from your heartbeat is different every second, the password is different each time – you can't use it even one minute later.
In effect, the heart becomes a kind of random number generator. Pretty slick.
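
A simplified model of the matching step described above, added here as an illustration; it is not the Rice researchers' code or protocol. The interval values are constructed, and the 4-bit Gray-coded quantization, the error tolerance and all function names are assumptions.

```python
"""Toy model of a heartbeat-matched handshake (constructed data throughout)."""

BITS_PER_BEAT = 4    # assumption: low-order bits kept from each interval
MAX_BIT_ERRORS = 4   # assumption: tolerance for sensor noise between devices


def beat_bits(intervals_ms):
    """Turn inter-beat intervals (ms) into a bit string.

    Only the low-order bits are kept, since they vary most from beat to beat.
    Gray coding makes a 1 ms measurement difference flip exactly one bit.
    """
    mask = (1 << BITS_PER_BEAT) - 1
    bits = []
    for interval in intervals_ms:
        low = interval & mask
        gray = low ^ (low >> 1)
        bits.append(format(gray, f"0{BITS_PER_BEAT}b"))
    return "".join(bits)


def bit_errors(a, b):
    """Hamming distance between two equal-length bit strings."""
    return sum(x != y for x, y in zip(a, b))


def grant_access(imd_intervals, programmer_intervals):
    """IMD-side decision: accept only a reading that matches its own."""
    if len(imd_intervals) != len(programmer_intervals):
        return False  # readings do not cover the same beats
    errors = bit_errors(beat_bits(imd_intervals),
                        beat_bits(programmer_intervals))
    return errors <= MAX_BIT_ERRORS


# Constructed sample readings, in milliseconds between beats.
IMD_NOW = [812, 847, 795, 830, 861, 804, 823, 790]         # implant's view
PROGRAMMER_NOW = [812, 848, 795, 830, 861, 804, 822, 790]  # same beats, noise
STALE_READING = [779, 815, 842, 801, 768, 853, 809, 836]   # an earlier window

if __name__ == "__main__":
    print("touching now:", grant_access(IMD_NOW, PROGRAMMER_NOW))
    print("stale replay:", grant_access(IMD_NOW, STALE_READING))
```

The reading taken by touch at the same instant differs from the implant's by 2 of 32 bits and is accepted; the reading from an earlier window differs by 11 bits and is refused.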
This solution would work with legacy systems and it wouldn't use the kind of battery-draining cryptography that others have suggested. There are still a few hurdles. The system would need to be approved by the FDA and implementation means working closely with device manufacturers who are leery of divulging their trade secrets.
But with more and more IMDs entering our world each day, including the upcoming possibility of putting neuron stimulators in our brains, the "Big Mo" may be on the side of a solution like this.

 

http://twitter.com/sharonnelson