Communications of the ACM
Encrypted Heartbeats Keep Hackers from Medical Implants
Researchers have devised a way of using a person's own heartbeat to prevent hackers from taking control of an implanted defibrillator.
Credit: Protein.in
Security researchers have shown that they can reprogram an implanted defibrillator to stay inactive despite a cardiac emergency, deliver a 700-volt shock when not required, or drain its battery. Rice University researchers have now found a solution that involves using a heartbeat reading as a way to confirm that whoever is trying to reprogram or download data from a device is in direct contact with the patient and is not a remote hacker.
Using this method, a doctor holds a device against the patient's body and takes a direct reading of the heartbeat. The device measures the patient's heartbeat and compares it to one relayed in a wireless signal from the implant, and confirms that the signals match. The wireless exchange of the heartbeat signal is encrypted, stopping any attempt to hijack the communications during the exchange.
"Given the unique constraints that implantable medical devices face, it is important to tailor security approaches specifically for them, and that's what this technology does," says former Rice University researcher Kevin Fu.
Although paramedics do not normally interact with implanted devices, in the future it might be valuable for them to have the ability to download data from such devices in order to diagnose a condition in an emergency.
From Technology Review
View Full Article
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA
No entries found