The Engineer

Jamming transmitter protects medical implants from hackers

News

Researchers from MIT and the University of Massachusetts-Amherst (UMass) have developed a new system to prevent devices such as pacemakers from unauthorised attacks.

Most pacemakers and defibrillators have wireless connections, so that doctors can monitor patients’ vital signs or revise treatment programmes. But recent research has shown that this leaves the devices vulnerable to attack.

The new system uses a second transmitter to jam unauthorised signals in an implant’s operating frequency, permitting only authorised users to communicate with it.

Because the jamming transmitter, rather than the implant, would handle encryption and authentication, the system would work even with existing implants.

The researchers envision that the jamming transmitter — which they call a shield — would be small enough to wear as a necklace or a watch. A device authorised to access the implant would send encrypted instructions to the shield, which would decode and relay them.

Today’s implantable medical devices were not built with hostile attacks in mind, so they do not have built-in encryption. But even in the future, said Dina Katabi, an associate professor in MIT’s Department of Electrical Engineering and Computer Science, handling encryption externally could still prove more practical than building it directly into implants.

Indeed, building encryption directly into the devices could be dangerous. In an emergency, medical providers might need to communicate with the implant of an incapacitated patient, and retrieving an encryption key from the patient’s medical provider could introduce fatal delays. But with the MIT-UMass system, an emergency responder would simply remove the patient’s shield.

Whether medical-device companies will invest in such security systems — and whether patients will be willing to carry shields around with them — probably depends on how grave they consider the threat of attack to be. Katabi acknowledges that no such attacks have been documented to date. On the other hand, the US Federal Communications Commission has recently moved implantable medical devices to a new frequency band that makes wireless communication with them possible across much greater distances.