We have completed maintenance on DiscoverMagazine.com and action may be required on your account. Learn More

Scientists Develop a Way to Keep Your Pacemaker From Getting Hacked

By Veronique Greenwood
Jun 16, 2011 11:57 PMNov 20, 2019 1:53 AM


Sign up for our email newsletter for the latest science news

Many implants like this pacemaker can receive and transmit wireless signals

What's the News: Topping the list of things you don't want hacked is your heart. And with 300,000 medical devices such as pacemakers and drug pumps implanted each year, many of which can be controlled through wireless signals, that might soon be a real risk for patients to consider. To prevent such attacks, researchers from MIT and UMass Amherst are developing a jamming device that can be worn as a necklace or watch and keeps implants from receiving orders from unauthorized senders. The team will present their experiments with defibrillators

 [pdf], with off-the-shelf radio transmitters playing the role of the shield, at the SIGCOMM

conference in Toronto. How the Heck:

  • Many medical implants send data about how a patient is doing directly to the doctor via radio transmission. And doctors can tweak implants' performance by sending instructions like "Release more of that drug" or "Beat faster."

  • The team's device, called a shield, would intercept such instructions and, if they were encrypted using the key available only to the patient's doctor, send them along to the implant, while unauthorized messages---which might go something like "Provide a lethal shock to the heart"--- wouldn't be passed on. The implant's own messages would in turn be encrypted and sent onto the doctor. 

  • The team found that without the shield, their defibrillators obeyed commands from transmitters more than 40 feet away. With the shield, eavesdroppers or adversaries as close as 20 cm couldn't control the devices or listen in on their messages.

  • One of the shield's big perks is that it would work with existing implants. And because it only works when it's near the implant, emergency personnel trying to reset a pacemaker, for example, could just remove the shield in order to send new orders. If the encryption were taking place in the implant itself, emergency overrides would be much more difficult.

What's the Context:

  • Three years ago, a team of scientists including Kevin Fu, an author of the current paper, demonstrated [pdf] that they could interere with defibrillators and eavesdrop on their signals, learning patient names, diagnosis, and information about vital sounds, using readily available tech. While vulnerabilities in implant security had been discussed for some time, the discovery galvanized researchers to come up with creative solutions.

  • Researchers have looked into making new implants that perform the encryption themselves, but that approach comes with several serious drawbacks, like the difficulty of an emergency override and the need for manufacturers to alter their designs, which are highly optimized in terms of size and shape and may not have room on them for encryption gear.

The Future Holds: Such attacks haven't happened yet, to our knowledge. But given the risks---disclosure of patient's names and medical data, and potentially fatal interference---it behooves medical device companies to start looking into solutions like the shield. Image credit: Wikimedia Commons

1 free article left
Want More? Get unlimited access for as low as $1.99/month

Already a subscriber?

Register or Log In

1 free articleSubscribe
Discover Magazine Logo
Want more?

Keep reading for as low as $1.99!


Already a subscriber?

Register or Log In

More From Discover
Recommendations From Our Store
Shop Now
Stay Curious
Our List

Sign up for our weekly science updates.

To The Magazine

Save up to 40% off the cover price when you subscribe to Discover magazine.

Copyright © 2024 Kalmbach Media Co.