Breaking News
News & Analysis

Foiling Medical Implant Hackers

9/24/2013 06:15 PM EDT
22 comments
NO RATINGS
2 saves
More Related Links
View Comments: Threaded | Newest First | Oldest First
krisi
User Rank
CEO
encryption
krisi   9/24/2013 6:41:23 PM
NO RATINGS
pretty cool encryption scheme...so what happens when your heart beats changes its rythm and encryption fails?

krisi
User Rank
CEO
Re: encryption
krisi   9/24/2013 6:42:38 PM
NO RATINGS
never mind my question, i get it now

R_Colin_Johnson
User Rank
Blogger
Re: encryption
R_Colin_Johnson   9/25/2013 6:32:56 AM
NO RATINGS
Kris, thanks for giving me the opportunity to point out one of the coolest aspects of our commenting system--you can actually go back and edit or even delete a previous post. Just click the Edit/Delete button below your post, change it as needed, then click the big Update button and you're done!

krisi
User Rank
CEO
Re: encryption
krisi   9/25/2013 8:01:37 AM
NO RATINGS
Thank you Colin, good to know! Kris

rick merritt
User Rank
Blogger
Cool idea!
rick merritt   9/24/2013 8:20:57 PM
NO RATINGS
Cool idea!

daleste
User Rank
CEO
Re: Cool idea!
daleste   9/24/2013 9:14:59 PM
NO RATINGS
Similar to the car hacking article a few weeks ago.  These devices should have some security, but it seems unlikely that anyone would go to the trouble to hack in to your pacemaker.  Of course, with Obamacare, you probably won't be allowed to get one anyway.

Susan Rambo
User Rank
Blogger
Re: Cool idea!
Susan Rambo   9/24/2013 11:18:39 PM
NO RATINGS
Perhaps it is a blot for a good murder mystery.

Sanjib.A
User Rank
CEO
Re: Cool idea!
Sanjib.A   9/25/2013 12:16:22 AM
NO RATINGS
Never thought a person's pacemaker could be hacked!! :)

Great work by the Professor and the doctoral candidate of the Rice university!! Can this kind of encryption technique be applied into other fields for secured systems?

R_Colin_Johnson
User Rank
Blogger
Re: Cool idea!
R_Colin_Johnson   9/25/2013 6:44:09 AM
NO RATINGS
The good doctor and her student told me that there is much concern that high-profile people could become targets of hackers because of the wide availability of wireless surveilance equipment. They are currently hawking their algorithm to makers of pacemakers, insulin pumps, defibrillators, neural implants, and drug delivery systems.

Beyond implants, since the heartbeat is being used as a random number generator, it is conceivable that the technique could be used in other forms ofr cryptography where the sender and receiver automatically generate the same secret key.

junko.yoshida
User Rank
Blogger
Re: Cool idea!
junko.yoshida   9/25/2013 8:38:53 AM
NO RATINGS
Yep, Susan, it's definitely a good plot! I would love to read a myestery on that premise!

R_Colin_Johnson
User Rank
Blogger
Re: Cool idea!
R_Colin_Johnson   9/25/2013 6:29:46 AM
NO RATINGS
You are probably right, but the Secret Service was allegedly concerned about Dick Cheney having his pacemaker hacked and is specifically mentioned in a 2008 report in the New York Times:

A Heart Device Is Found Vulnerable to Attackers

http://www.nytimes.com/2008/03/12/business/12heart-web.html

 

 

Caleb Kraft
User Rank
Blogger
Re: Cool idea!
Caleb Kraft   9/25/2013 2:02:57 PM
NO RATINGS
Hacking a pacemaker is something that has been researched and proven to be possible. The problem is though, it is a lot of effort when a good EMP would do the job just as well. there just isn't much benefit to hacking them.

That doesn't mean people won't do it though!

R_Colin_Johnson
User Rank
Blogger
Re: Cool idea!
R_Colin_Johnson   9/25/2013 2:17:04 PM
NO RATINGS
Your're right. And as more and more get implants, the temptation  to hackers will increase.

Skyye
User Rank
Rookie
Re: Cool idea!
Skyye   10/3/2013 9:29:26 PM
NO RATINGS
Hello everyone, please excuse me to interrupt the middle of the conversation. I am Debby, a student studying in journalism from Taiwan. I wold like to write an article about this, due to the lack of medical background, I want to ask:  Is hacking implanted medical device a serious issue in the State? 



R_Colin_Johnson
User Rank
Blogger
Re: Cool idea!
R_Colin_Johnson   10/3/2013 9:38:01 PM
NO RATINGS
@ Skyye " Is hacking implanted medical device a serious issue in the States?"

So far most of the hacking has been done by engineers trying to prove that it is possible, so that the companies making the implants will be forced to provide security before it becomes a problem. Many security techniques have been proposed, which prompts engineers to by to crack those protection schemes--just to prove that they are crackable However, I don't know of any serious incidents of malicious hacking of an implant inside a person to harm that individual.

 

junko.yoshida
User Rank
Blogger
Re: Cool idea!
junko.yoshida   9/25/2013 8:41:36 AM
NO RATINGS
Indeed, this seems like a cool idea...but as we all know too well, most device makers won't do much about the so-called security (even though they should), until some truly traumatic and tragic accidents happen. 

prabhakar_deosthali
User Rank
CEO
Re:
prabhakar_deosthali   9/25/2013 7:38:05 AM
NO RATINGS
I am just imagining a scenario where the hacker hijacks a high profile person and using the same technique of touch-to-access is able to generate that key to be able to reprogram the implants in a malicious way.

It could become a tool to get some ransom out of hijacking the high profile people!

 

R_Colin_Johnson
User Rank
Blogger
Re:
R_Colin_Johnson   9/25/2013 12:14:09 PM
NO RATINGS
prabhakar_deosthali re: "I am just imagining a scenario where the hacker hijacks a high profile person"

The hacker would have to be touching the person with an ECG probe for 12 seconds to successfully "hijack" the random number and then negociate a secure wireless connection--which doesn't seem long, but if you count it down on a clock seems much longer. Nevertheless, I do see your point that some scenario could make that possible. 

rick merritt
User Rank
Blogger
Re:
rick merritt   9/26/2013 9:44:46 AM
NO RATINGS
@Prabhakar: I don't know how realistic your hijack scenario is, but it would make a grreat scene in a thriller novel!

Some Guy
User Rank
CEO
Just Say No
Some Guy   9/25/2013 6:03:20 PM
NO RATINGS
Just because there is an Internet of Things doesn't mean that my medical device has to be on it. There are plenty of non-contact options that obviate this kind of attack. If you are requiring that an authorized reader be in touch contact with the patient, why one of those? WiFi, Wi-Max and Bluetooth aren't the only things out there.

R_Colin_Johnson
User Rank
Blogger
Re: Just Say No
R_Colin_Johnson   9/25/2013 6:30:57 PM
NO RATINGS
You make a good point. The implant industry is increasingly going wireless, so in that sense requiring touch for 12 seconds in order to establish a secure connection is a bit of a step back, although in the doctor's office it probably would not be much of an inconvenience.

p_g
User Rank
Rookie
Re: Just Say No
p_g   9/26/2013 1:27:30 AM
NO RATINGS
By going wireless all we are trying to do is prevent another minor surgery to operate device, and easing out reprograming. Touching doesn't defeat the purpose of wireless in medical equipment. I dont think we can consider it as step back.

Flash Poll
Like Us on Facebook

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
EE Times on Twitter
EE Times Twitter Feed
Top Comments of the Week