Comment

December 2009

Ultrasound for pacemakers adds safety from hackers

Manufacturers have started adding wireless capabilities to many implantable medical devices, including pacemakers and cardioverter defibrillators, which allows doctors to access vital information and send commands to these devices quickly. However, researchers have security concerns that it could also make them vulnerable to attack.

Technology Review reported researchers from the Swiss Federal Institute of Technology in Zürich and the French National Institute for Research in Computer Science and Control have developed a scheme for protecting implantable medical devices against wireless attacks. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it.

The potential risks of enabling radio communication in implantable medical devices were first highlighted by Kevin Fu, an assistant professor of computer science at the University of Massachusetts, Amherst, and Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. They showed how to glean information from such a device, how to drain its batteries remotely, and how to make it malfunction in dangerous ways. The two researchers stress that the threat is minimal now, but argue it is vital to find ways to protect wireless medical devices.

Claude Castelluccia, a senior research scientist at the French National Institute who was involved with designing the new access-control system, said any scheme designed to protect medical devices has to balance preventing unauthorized access with ease of use for medical staff.

Castelluccia and his colleagues came up with the idea of restricting access to implantable medical devices depending on the physical proximity of the communicating device. Under their plan, a device will always be accessible from up to 10 meters away, and will normally enforce a series of authentication steps before allowing access. In an emergency, however, it will grant access to anyone who is physically close (within about three centimeters).

Other researchers have suggested requiring wireless reading devices to be physically close to an implant in order to access it. Castelluccia said attackers can get around this by using a strong radio transmitter to mimic close proximity. His plan calls for ultrasound waves to be used in addition to radio signals—the speed of sound allows the device to calculate with confidence how far away the reader is.

Castelluccia said the device only needs a microphone in order to detect the ultrasound, and he does not expect the protocol to consume much power.