14 DAY TRIAL // Researchers from Rice University have found a new way to protect medical devices against hacker attacks. The method they propose involves using the patient’s own heartbeat as a password for accessing the device.
Experts have often warned that medical devices with wireless capabilities such as pacemakers, defibrillators and insulin pumps can be hacked. The United States Food and Drug Administration has also made recommendations on this topic.
The new authentication system for implanted medical devices, dubbed “Heart-to-Heart,” has been developed by Rice electrical and computer engineer Farinaz Koushanfar, and graduate student Masoud Rostami, in collaboration with Ari Juels, former chief scientist at RSA Laboratories.
Koushanfar and Rostami will present the system in November at the Conference on Computer and Communications Security in Berlin.
The experts highlight that implanted medical devices cannot be protected with the kind of passwords used to secure Wi-Fi routers because the system would prevent medical technicians from quickly accessing the information.
The system they propose relies on an external “touch” device, called the programmer. This device is used by a medical technician to pick up an electrocardiogram (EKG) signature from the patient’s beating heart.
The external and the internal devices compare details of the EKG. Access is granted only if the signals collected by both at the same time match.
“The signal from your heartbeat is different every second, so the password is different each time. You can’t use it even a minute later,” said Rostami.
The heart basically becomes a random number generator, he noted.
“To our knowledge, this is the first fully secure solution that has small overhead and can work with legacy systems. Like any device that has wireless access, we can simply update the software,” Koushanfar stated.
In order to implement this new system in medical devices, it must first obtain FDA approval. Of course, manufacturers also need to be on board to make it happen.
Check out the detailed paper on Heart-to-Heart.