MIT designing system to protect implants against wireless attacks
By Ben Coxworth
June 15, 2011
An assassin waits for his target to walk into range, then presses a button on a radio transmitter, causing the target's pacemaker to deliver a lethal dose of electricity. Such a scenario may be fictional for now, but as more and more medical implants are designed to wirelessly send and receive data, it becomes increasingly possible. Researchers at the Massachusetts Institute of Technology (MIT) are certainly aware of the dangers of wireless attacks on implants, so they've developed a countermeasure - a wearable signal jamming device.
Many implantable devices are now wireless-enabled, so that doctors can check patients' vital signs, change the rhythm of pacemakers, the dosage of drug pumps, or make other adjustments. According to recent research, however, a hostile party could use that wireless capability to instruct those devices to harm the patient - and perhaps even kill them - from a distance.
The MIT team, who are collaborating with colleagues from the University of Massachusetts-Amherst, believe that a small signal jamming device could prevent against such attacks. Called a "shield," the patient would wear it like a necklace or wristwatch. When doctors or other users of "authorized devices" wanted to send instructions to the implant, their devices' jammed signal would first go to the shield, which would authenticate and decode it, then send it along to the implant. Signals from unauthorized devices would simply stay garbled and useless.
Lab tests have already shown some promise, using second-hand implantable defibrillators, and standard radio transmitters acting as stand-ins for the shield. The technology is unique, in that the system is able to simultaneously send and receive a signal on the same frequency. The jamming signal is added to incoming signals, but if they are authenticated, it is then removed. Ordinarily, sending and receiving on the same frequency wouldn't be possible, but a unique signal processing system allows it to happen in this case.
Although some people might think that it would be simpler to just build an encryption function directly into the implants, this would require the devices to draw more power, and could alter their physical form. Emergency response crews would also be unable to communicate with a patient's implant, unless they were able to obtain that person's "secret code" - if the encryption was handled by a wearable shield, however, that shield could just be removed and disabled. Additionally, a shield could be used to protect existing implants, that weren't designed with attacks in mind.
One of the biggest challenges in developing the technology, it turns out, could be getting manufacturers to see the value in it. So far, there have been no reported wireless attacks on implants, and not many people are likely to see themselves as potential targets. That could change, however, as the U.S. Federal Communications Commission recently moved wireless implants onto a new frequency, that allows them to be accessed over longer distances.