Remotely hacking a pacemaker or insulin pump should be impossible, but sadly it isn’t.
It puts the millions of people who use wireless medical implants at potential risk. Researchers at Rice University believe they have a solution: a touch-based device that will use a person’s own heartbeat as a password to permit or deny access to their implant.
Making wireless medical implants totally secure is tricky business because of the need to make them instantly accessible to emergency medical personnel, who might need the information to save lives. "The current generation of devices do not typically have security functions," Rice electrical and computer engineer Farinaz Koushanfar tells Gizmag, "They can be hacked rather easily, once a hacker spends the time to figure out the communication protocol by eavesdropping on packages sent or received by the device."
Many known security measures can’t be incorporated into IMDs because they are either too computationally intensive (which causes a power drain) or so tough that they affect emergency response times. The famous hacker Barnaby Jack, who was due to speak at the Black Hat conference earlier this year, planned to reveal his findings on security flaws in insulin pumps that would allow someone 300 feet away to release a fatal dose, before his unfortunate death. Hackers have shown that it’s possible to change the software on a pacemaker, change the heart rate and even deliver shocks to the heart.
"The possibilities are endless," Koushanfar tells us. "Whatever function which can be remotely controlled from the wireless channel can be a subject to hack." Scientists have looked into solutions like wearable wireless signal jammers, identification numbers and secondary authentication to solve the problem. The Rice University team’s approach calls for matching unique characteristics within a patient’s heartbeat that requires software within the IMD to communicate with a programmer, an external touch device that emergency workers can carry.