15 June 2011
Medical implants made hacker-proof
by Kate Melville
Implantable medical devices are big business, from pacemakers and defibrillators to brain stimulators and drug pumps; worldwide, around 300,000 people receive them every year. Most of these devices have wireless connections, so that doctors can monitor patients' vital signs or revise treatment regimes. But recent research has shown that this leaves the devices vulnerable to attack: a malicious hacker could kill a victim by instructing an implantable device to deliver lethal doses of medication or electricity. Adding to these concerns, the FCC has recently moved implantable wireless medical devices to a new frequency band that makes communication with them possible across much greater distances.
Researchers from MIT and the University of Massachusetts-Amherst believe they have a solution, however. They propose using a second transmitter to jam unauthorized signals in an implant's operating frequency, permitting only authorized users to communicate with it. Because the jamming transmitter, rather than the implant, would handle encryption and authentication, the system would work even with existing implants.
The researchers envision that the jamming transmitter - which they call a shield - would be small enough to wear as a necklace or a watch. A device authorized to access the implant would send encrypted instructions to the shield, which would decode and relay them.
Today's implantable medical devices weren't built with malicious attacks in mind, so they don't have built-in encryption. But even in the future, says MIT's Dina Katabi, handling encryption externally could still prove more practical than building it directly into implants. "It's hard to put [encryption] on these devices. There are many of these devices that are really small, so for power reasons, for form-factor reasons, it might not make sense to put the [encryption] on them."
Moreover, Katabi points out, building encryption directly into the devices could be dangerous. In an emergency, doctors might need to communicate with the implant of an incapacitated patient, to retrieve data or send new instructions. Retrieving an encryption key from the patient's regular medical provider could introduce fatal delays, but with the shield system, an emergency responder would simply remove the patient's shield.
The key to the system, Katabi explains, is a new technique that allows the shield to simultaneously send and receive signals in the same frequency band. With ordinary wireless technology, that's not possible: the transmitted signal would interfere with the received signal, rendering it unintelligible. Researchers at Stanford University recently demonstrated a transmitter that could send and receive at the same time, but it required three antennas whose distance from each other depended on the wavelength at which they were operating. For medical-device frequencies, the antennas would have to be about half a meter apart, making it impossible to miniaturize the shield.
The shield system uses only two antennas and clever signal processing that does away with the need to separate them. "Think of the jamming signal that we are creating as a secret key," Katabi explains. "Everyone who doesn't know the secret key just sees a garbage signal." Because the shield knows the shape of its own jamming signal, however, it can, in effect, subtract it from the received signal.
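The subtraction idea described above can be seen in a simplified baseband simulation. This is an added example, not the researchers' implementation: the BPSK modulation, Gaussian jamming, noise levels, the `residual` cancellation-error parameter and all function names are assumptions chosen for illustration.

```python
import random

def bit_error_rate(sent, decoded):
    """Fraction of bits that differ between sent and decoded."""
    return sum(s != d for s, d in zip(sent, decoded)) / len(sent)

def decode(samples):
    """Hard-decision BPSK decoder: positive sample -> 1, otherwise 0."""
    return [1 if s > 0 else 0 for s in samples]

def simulate(n_bits=2000, seed=1, jam_sigma=10.0, noise_sigma=0.1, residual=0.0):
    """Return (eavesdropper_ber, shield_ber) for one constructed transmission.

    residual is the fraction of the jamming signal the shield fails to cancel
    (0.0 means it knows its own jamming signal exactly); assumed parameter.
    """
    rng = random.Random(seed)  # fixed seed: constructed, repeatable sample data
    bits = [rng.getrandbits(1) for _ in range(n_bits)]
    implant_tx = [1.0 if b else -1.0 for b in bits]           # BPSK symbols
    jam = [rng.gauss(0.0, jam_sigma) for _ in range(n_bits)]  # the "secret key"
    # What any receiver near the patient observes: implant + jamming + noise.
    on_air = [s + j + rng.gauss(0.0, noise_sigma)
              for s, j in zip(implant_tx, jam)]

    # An eavesdropper has no copy of the jamming signal and decodes the sum.
    eavesdropper = decode(on_air)
    # The shield subtracts the jamming signal it generated, then decodes.
    cleaned = [r - (1.0 - residual) * j for r, j in zip(on_air, jam)]
    shield = decode(cleaned)
    return bit_error_rate(bits, eavesdropper), bit_error_rate(bits, shield)

if __name__ == "__main__":
    for residual in (0.0, 0.05, 0.2):
        eve, shield = simulate(residual=residual)
        print(f"residual={residual:.2f}  "
              f"eavesdropper BER={eve:.3f}  shield BER={shield:.3f}")
```

With perfect cancellation the shield recovers every bit while the eavesdropper's error rate sits close to a coin flip; raising `residual` shows how quickly the shield's own reception degrades when it cannot subtract its jamming signal accurately.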
Katabi acknowledges that no such attacks have been documented to date, but security experts think the research is valuable. "This is exactly the time when you want to do this kind of research," says Stefan Savage, a professor in the Security and Cryptography department at the University of California at San Diego. "You don't want to do it when there's an active threat." He says the question is whether manufacturers will have an incentive to absorb the cost of deploying it. "Value in the information-security market gets created by one of two people: bad guys, or regulatory bodies."