Pacemaker firewall protects implants against hacking

Researchers in the US have created a pacemaker firewall to protect wireless medical implants against hacking.

The engineers at Purdue and Princeton universities have developed a prototype device designed to work with implants such as heart regulators or insulin delivery systems that have wireless data links for downloading data or upgrading software.

This wireless access also provides a link for hackers to cause the devices to malfunction, harming or even killing their owners — although the researchers stressed the risk of such attacks was low.

‘You could imagine all sorts of scary possibilities,’ said Purdue’s Prof Anand Raghunathan, one of the leaders of the team, which is among several groups that have demonstrated the weaknesses of wireless implants.

‘What motivated us to work on this problem was the ease with which we were able to break into wireless medical systems.’

Brain implants to control epilepsy and advanced prosthetics that use electronic chips also could be hacked, said his co-researcher, Princeton’s Prof Niraj K Jha.

‘Very little work exists on this important topic, and the security vulnerabilities of such systems are not well understood,’ he added.

The new device, called MedMon (medical monitor), is designed to act as a firewall that stops hackers from hijacking implants, and it would work with existing devices. It has been developed as a proof of concept and would need to be miniaturised.

‘It’s an additional device that you could wear, so you wouldn’t need to change any of the existing implantable devices,’ said Raghunathan. ‘This could be worn as a necklace or it could be integrated into your cell phone, for example.’

The MedMon prototype, which the researchers say has been shown to protect an insulin pump from hacking, is designed to monitor communications going in and out of any implantable or wearable medical device and to detect anomalous transmissions.

Once potentially malicious activity is identified, the firewall can raise an alarm to the user or block rogue transmissions from reaching the medical device by using electronic jamming similar to technology used in military systems.
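The monitor-then-respond behaviour described above can be sketched as a small policy check. This is an added example, not MedMon's own code: the traffic features (signal strength, dose size, time between doses), the thresholds, the command names and the rule for choosing between alarm and block are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    PASS = "pass"
    ALARM = "alarm"  # warn the wearer
    BLOCK = "block"  # jam the transmission so the device never accepts it

@dataclass(frozen=True)
class Transmission:
    t: float         # seconds since the monitor started
    rssi_dbm: float  # signal strength seen by the monitor
    command: str     # decoded command name (hypothetical names)
    value: float     # argument, e.g. insulin units for "bolus"

# Hypothetical policy values for illustration; none come from the article.
RSSI_RANGE = (-60.0, -40.0)  # band expected from the wearer's own remote
MAX_BOLUS_UNITS = 10.0
MIN_BOLUS_GAP_S = 300.0
THERAPY_COMMANDS = {"bolus", "set_basal"}

class Monitor:
    def __init__(self):
        self.last_bolus_t = None  # time of the last bolus allowed through
    def inspect(self, tx):
        reasons = []
        if not RSSI_RANGE[0] <= tx.rssi_dbm <= RSSI_RANGE[1]:
            reasons.append("rssi outside expected band")
        if tx.command == "bolus":
            if tx.value > MAX_BOLUS_UNITS:
                reasons.append("dose above limit")
            if self.last_bolus_t is not None and tx.t - self.last_bolus_t < MIN_BOLUS_GAP_S:
                reasons.append("bolus repeated too soon")
        if reasons:
            # Anomalous therapy-changing commands are blocked; other anomalies only alarm.
            return (Action.BLOCK if tx.command in THERAPY_COMMANDS else Action.ALARM), reasons
        if tx.command == "bolus":
            self.last_bolus_t = tx.t
        return Action.PASS, reasons

SAMPLE = [  # constructed traffic, not captured from a real device
    Transmission(0, -50, "status", 0), Transmission(10, -50, "bolus", 2.0),
    Transmission(60, -50, "bolus", 2.0), Transmission(400, -75, "status", 0),
    Transmission(900, -48, "bolus", 25.0), Transmission(1000, -50, "bolus", 3.0),
]

def run(sample=SAMPLE):
    monitor = Monitor()
    return [monitor.inspect(tx) for tx in sample]
```

Only transmissions that pass update the monitor's state, so a blocked dose does not reset the interval check for the next legitimate one.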

‘This is still not going to solve privacy concerns,’ said Raghunathan. ‘Someone could still learn that you have a medical device, but hopefully they are not going to be able to do anything bad to you. It is extremely difficult to make a system completely impregnable.’

Two other potential solutions the researchers have described are a cryptographic technique used in keyless car entry systems and ‘body-coupled communication’, which involves transmitting signals on a patient’s skin.