Consider the pacemaker. A marvel of modern technology, the pacemaker uses electric pulses to regulate a person’s heartbeat. The latest generation of pacemakers, though, do even more than that. In addition to their direct medical function, the latest pacemakers also have wireless connections enabling them to transmit information for doctors to analyze. And they can receive signals in turn, enabling doctors to non-invasively alter a treatment regimen.
Turning medical devices into communications devices has made them more useful. At the same time, however, it has created a vulnerability: In theory, a malicious agent could remotely hack a pacemaker, causing it to deliver a lethal shock. The same goes for the other classes of implantable medical devices, from defibrillators to brain stimulators to drug pumps. Deranged implant hackers could exploit security holes in those, too, causing injury or death.
It might seem a far-fetched scenario—no such attacks have been documented to date—but with the Federal Communications Commission having recently moved implantable medical devices (IMDs) to a new frequency band, making it possible to communicate with them at greater distances, it’s not a bad time to start thinking about how to foil an implant hacker. Nor is it a niche problem—millions of Americans have such devices, and another 300,000 are implanted globally each year.
Researchers at MIT and University of Massachusetts-Amherst have collaborated to design a new system that would help prevent such hypothetical attacks. They envision a device that someone with a pacemaker (or drug pump, or defibrillator) could wear that would act as a jammer against unauthorized signals in the implant’s operating frequency. This device—a “shield,” the authors call it in a paper they plan to present at the Association for Computing Machinery’s upcoming Sigcomm conference—could simultaneously send and receive signals in the same frequency band, something not possible with ordinary wireless technology. In their paper, they call their dual functioning device a “jammer-cum-receiver.”
Aren’t there enough real cyberthreats out there for it to be silly for researchers to be worrying about imagined ones? Not at all, said Stefan Savage, a UC San Diego cryptographer. He told MIT News, “This is exactly the time when you want to do this kind of research….You don’t want to do it when there’s an active threat.”
And indeed, MIT and UMass aren’t the only ones who have been exploring obscure boundary between health and cybersecurity. There is a wealth of colorful research that explores the give-and-take between security and utility in medical devices. (One researcher, for instance, suggests tattooing security keys on patients with ultraviolet micropigmentation.) The MIT/UMass group says that what sets their research apart from others’ is that they present “the first system that defends existing commercial IMDs against adversaries who eavesdrop on transmissions or send unauthorized commands.”
By no means is there overweening demand for such a jammer/receiver currently. As Savage noted, “Value in the information-security market gets created by one of two people: bad guys, or regulatory bodies.” So unless Congress or the FDA starts taking an active interest in what for now is a hypothetical problem, it sadly may take the first implant hack before this research is taken seriously by the public, and by extension, manufacturers.
The 50-year-old problem that eludes theoretical computer science
A solution to P vs NP could unlock countless computational problems—or keep them forever out of reach.
The moon didn’t die as early as we thought
Samples from China’s lunar lander could change everything we know about the moon’s volcanic record.
Forget dating apps: Here’s how the net’s newest matchmakers help you find love
Fed up with apps, people looking for romance are finding inspiration on Twitter, TikTok—and even email newsletters.
Inside the machine that saved Moore’s Law
The Dutch firm ASML spent $9 billion and 17 years developing a way to keep making denser computer chips.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.