14 DAY TRIAL // For the millions of people around the world who walk around with medical implants in their bodies, every day is a victory. Still, wireless transmissions their devices produce leave them vulnerable to hijacking, or worse. Now, a team of experts is looking for a solution to this problem.
Researchers at the Massachusetts Institute of Technology (MIT), for example, are now working on a new system that might prevent unauthorized users from sending potentially lethal commands to medical implants.
In addition to millions of Americans that have implants, more than 300,000 new patients are added to this group yearly. These people carry cardiac pacemakers and defibrillators, drug pumps and brain-stimulating devices, among other things.
In order to be able to monitor the instruments properly, doctors installed wireless transmitters in all of these devices. A trained hacker could easily hijack the airways, sending a drug pump the command to release all the chemicals it contains into the body.
A pacemaker could be instructed to zap the heart with far more electricity than is needed. In both these scenarios, the consequences could be fatal, and all the killer would need would be a wireless transmitter and some programming skills.
Working together with colleagues at the University of Massachusetts-Amherst (UMass), the MIT group is now about present a new system that could render medical implants invulnerable to such attacks.
The innovation will be presented at the upcoming Sigcomm conference, which is organized by the Association for Computing Machinery (ACM). In a nutshell, the system relies on the use of a second transmitter to jam unauthorized signals.
This measure will allow only authorized users – such as medical staff – to relay instructions to implants. This security system can also be outfitted to existing medical devices, the team says.
“It's hard to put [encryption] on [the] devices [themselves]. There are many of these devices that are really small, so for power reasons, for form-factor reasons, it might not make sense to put the [encryption] on them,” says Dina Katabi.
The MIT Department of Electrical Engineering and Computer Science associate professor adds the the team is considering putting the jamming transmitter into a watch or necklace, or some other item that patients can wear at all times.
“This is exactly the time when you want to do this kind of research. You don't want to do it when there's an active threat,” says University of California in San Diego (UCSD) Computer Science and Engineering Department professor Stefan Savage.
“I think that's what people liked about it, that you could do it with existing devices, and that you did not have a lot of the overhead that it would take to come up with an entirely new thing,” he adds.