Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

David Zax

A View from David Zax

Implant Hackers? Cybersecurity Meets Medicine

Researchers have proposed a device that would stop anyone from hacking your pacemaker.

  • June 20, 2011

Consider the pacemaker. A marvel of modern technology, the pacemaker uses electric pulses to regulate a person’s heartbeat. The latest generation of pacemakers, though, do even more than that. In addition to their direct medical function, the latest pacemakers also have wireless connections enabling them to transmit information for doctors to analyze. And they can receive signals in turn, enabling doctors to non-invasively alter a treatment regimen.

Turning medical devices into communications devices has made them more useful. At the same time, however, it has created a vulnerability: In theory, a malicious agent could remotely hack a pacemaker, causing it to deliver a lethal shock. The same goes for the other classes of implantable medical devices, from defibrillators to brain stimulators to drug pumps. Deranged implant hackers could exploit security holes in those, too, causing injury or death.

It might seem a far-fetched scenario—no such attacks have been documented to date—but with the Federal Communications Commission having recently moved implantable medical devices (IMDs) to a new frequency band, making it possible to communicate with them at greater distances, it’s not a bad time to start thinking about how to foil an implant hacker. Nor is it a niche problem—millions of Americans have such devices, and another 300,000 are implanted globally each year.

Researchers at MIT and University of Massachusetts-Amherst have collaborated to design a new system that would help prevent such hypothetical attacks. They envision a device that someone with a pacemaker (or drug pump, or defibrillator) could wear that would act as a jammer against unauthorized signals in the implant’s operating frequency. This device—a “shield,” the authors call it in a paper they plan to present at the Association for Computing Machinery’s upcoming Sigcomm conference—could simultaneously send and receive signals in the same frequency band, something not possible with ordinary wireless technology. In their paper, they call their dual functioning device a “jammer-cum-receiver.”

Aren’t there enough real cyberthreats out there for it to be silly for researchers to be worrying about imagined ones? Not at all, said Stefan Savage, a UC San Diego cryptographer. He told MIT News, “This is exactly the time when you want to do this kind of research….You don’t want to do it when there’s an active threat.”

And indeed, MIT and UMass aren’t the only ones who have been exploring obscure boundary between health and cybersecurity. There is a wealth of colorful research that explores the give-and-take between security and utility in medical devices. (One researcher, for instance, suggests tattooing security keys on patients with ultraviolet micropigmentation.) The MIT/UMass group says that what sets their research apart from others’ is that they present “the first system that defends existing commercial IMDs against adversaries who eavesdrop on transmissions or send unauthorized commands.”

By no means is there overweening demand for such a jammer/receiver currently. As Savage noted, “Value in the information-security market gets created by one of two people: bad guys, or regulatory bodies.” So unless Congress or the FDA starts taking an active interest in what for now is a hypothetical problem, it sadly may take the first implant hack before this research is taken seriously by the public, and by extension, manufacturers.

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe and become an Insider.
  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.