Keeping Pacemakers Safe from Hackers
By HospiMedica International staff writers
Posted on 25 Nov 2009
A new technology that uses ultrasound could help protect implantable medical devices such as pacemakers and cardioverter defibrillators against wireless attacks.Posted on 25 Nov 2009
Researchers from the Swiss Federal Institute of Technology (Zurich) and the French National Institute for Research in Computer Science and Control (France) developed the new approach, which is based on the idea of restricting access to implantable medical devices by using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it. The combination of ultrasound waves--which travels at the speed of sound--in addition to radio signals allows the device to calculate with confidence how far away the reader actually is. The device only needs a microphone in order to detect the ultrasound and is not expected to consume much power, a key concern with an implantable medical device, since the battery is hard to replace. Since the device will not respond to requests that come from outside the predetermined distance, it will also be harder for an attacker to wear down the battery by forcing it to process one request after another. The researchers have built and tested a prototype system, and have patented the technology. The study describing the technology was presented at the Association for Computing Machinery (ACM) conference on computer and communications security (CCS), held during November 2009 in Chicago (IL, USA).
The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, Ph.D., an assistant professor of computer science at the University of Massachusetts (Amherst, USA) and Tadayoshi Kohno, Ph.D., an assistant professor of computer science at the University of Washington (Seattle, USA). They showed how to glean personal information from such a device, how to drain its batteries remotely, and how to make it malfunction in several dangerous ways. The two researchers stress that the threat is minimal now, but argue that it is vital to find ways to protect wireless medical devices before malicious users discover and exploit vulnerabilities.
Related Links:
Swiss Federal Institute of Technology
French National Institute for Research in Computer Science and Control
University of Massachusetts
University of Washington