Consider the pacemaker. A marvel of modern technology, the pacemaker uses electric pulses to regulate a person’s heartbeat. The latest generation of pacemakers, though, do even more than that. In addition to their direct medical function, the latest pacemakers also have wireless connections enabling them to transmit information for doctors to analyze. And they can receive signals in turn, enabling doctors to non-invasively alter a treatment regimen.
Turning medical devices into communications devices has made them more useful. At the same time, however, it has created a vulnerability: In theory, a malicious agent could remotely hack a pacemaker, causing it to deliver a lethal shock. The same goes for the other classes of implantable medical devices, from defibrillators to brain stimulators to drug pumps. Deranged implant hackers could exploit security holes in those, too, causing injury or death.
It might seem a far-fetched scenario—no such attacks have been documented to date—but with the Federal Communications Commission having recently moved implantable medical devices (IMDs) to a new frequency band, making it possible to communicate with them at greater distances, it’s not a bad time to start thinking about how to foil an implant hacker. Nor is it a niche problem—millions of Americans have such devices, and another 300,000 are implanted globally each year.
Researchers at MIT and University of Massachusetts-Amherst have collaborated to design a new system that would help prevent such hypothetical attacks. They envision a device that someone with a pacemaker (or drug pump, or defibrillator) could wear that would act as a jammer against unauthorized signals in the implant’s operating frequency. This device—a “shield,” the authors call it in a paper they plan to present at the Association for Computing Machinery’s upcoming Sigcomm conference—could simultaneously send and receive signals in the same frequency band, something not possible with ordinary wireless technology. In their paper, they call their dual functioning device a “jammer-cum-receiver.”
Aren’t there enough real cyberthreats out there for it to be silly for researchers to be worrying about imagined ones? Not at all, said Stefan Savage, a UC San Diego cryptographer. He told MIT News, “This is exactly the time when you want to do this kind of research….You don’t want to do it when there’s an active threat.”
And indeed, MIT and UMass aren’t the only ones who have been exploring obscure boundary between health and cybersecurity. There is a wealth of colorful research that explores the give-and-take between security and utility in medical devices. (One researcher, for instance, suggests tattooing security keys on patients with ultraviolet micropigmentation.) The MIT/UMass group says that what sets their research apart from others’ is that they present “the first system that defends existing commercial IMDs against adversaries who eavesdrop on transmissions or send unauthorized commands.”
By no means is there overweening demand for such a jammer/receiver currently. As Savage noted, “Value in the information-security market gets created by one of two people: bad guys, or regulatory bodies.” So unless Congress or the FDA starts taking an active interest in what for now is a hypothetical problem, it sadly may take the first implant hack before this research is taken seriously by the public, and by extension, manufacturers.