Skip to Content

Implant Hackers? Cybersecurity Meets Medicine

Researchers have proposed a device that would stop anyone from hacking your pacemaker.
June 20, 2011

Consider the pacemaker. A marvel of modern technology, the pacemaker uses electric pulses to regulate a person’s heartbeat. The latest generation of pacemakers, though, do even more than that. In addition to their direct medical function, the latest pacemakers also have wireless connections enabling them to transmit information for doctors to analyze. And they can receive signals in turn, enabling doctors to non-invasively alter a treatment regimen.

Turning medical devices into communications devices has made them more useful. At the same time, however, it has created a vulnerability: In theory, a malicious agent could remotely hack a pacemaker, causing it to deliver a lethal shock. The same goes for the other classes of implantable medical devices, from defibrillators to brain stimulators to drug pumps. Deranged implant hackers could exploit security holes in those, too, causing injury or death.

It might seem a far-fetched scenario—no such attacks have been documented to date—but with the Federal Communications Commission having recently moved implantable medical devices (IMDs) to a new frequency band, making it possible to communicate with them at greater distances, it’s not a bad time to start thinking about how to foil an implant hacker. Nor is it a niche problem—millions of Americans have such devices, and another 300,000 are implanted globally each year.

Researchers at MIT and University of Massachusetts-Amherst have collaborated to design a new system that would help prevent such hypothetical attacks. They envision a device that someone with a pacemaker (or drug pump, or defibrillator) could wear that would act as a jammer against unauthorized signals in the implant’s operating frequency. This device—a “shield,” the authors call it in a paper they plan to present at the Association for Computing Machinery’s upcoming Sigcomm conference—could simultaneously send and receive signals in the same frequency band, something not possible with ordinary wireless technology. In their paper, they call their dual functioning device a “jammer-cum-receiver.”

Aren’t there enough real cyberthreats out there for it to be silly for researchers to be worrying about imagined ones? Not at all, said Stefan Savage, a UC San Diego cryptographer. He told MIT News, “This is exactly the time when you want to do this kind of research….You don’t want to do it when there’s an active threat.”

And indeed, MIT and UMass aren’t the only ones who have been exploring obscure boundary between health and cybersecurity. There is a wealth of colorful research that explores the give-and-take between security and utility in medical devices. (One researcher, for instance, suggests tattooing security keys on patients with ultraviolet micropigmentation.) The MIT/UMass group says that what sets their research apart from others’ is that they present “the first system that defends existing commercial IMDs against adversaries who eavesdrop on transmissions or send unauthorized commands.”

By no means is there overweening demand for such a jammer/receiver currently. As Savage noted, “Value in the information-security market gets created by one of two people: bad guys, or regulatory bodies.” So unless Congress or the FDA starts taking an active interest in what for now is a hypothetical problem, it sadly may take the first implant hack before this research is taken seriously by the public, and by extension, manufacturers.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.