Ultrasound Encryption Prevents Pacemaker Hacking in Lab Tests

Researchers implanted a medical device in the abdominal wall of a cow to test a new authentication system. Image courtesy of ETH Zürich

In recent years, device manufacturers have been adding wireless functionality to a growing number of devices such as pacemakers and cardioverter defibrillators. The wireless connectivity enables physicians to access patient data and facilitates routine activities such as calibration. But the wireless functionality also leaves the devices open to potentially dangerous attacks and information breaches from hackers.

Researchers from the Swiss Federal Institute of Technology in Zürich and the French National Institute for Research in Computer Science and Control have developed a strategy using ultrasound encryption to prevent wireless hacking of implantable medical devices such as pacemakers. The technique proved successful in a number of tests in an emulated patient environment (in the abdominal wall of a cow, pictured left).

The researchers’ encryption strategy relies on the use of ultrasound waves to determine the distance between a medical device and the wireless reader attempting to communicate with it. Wireless readers up to 10 metres away from the device that comply with an authentication protocol are allowed to communicated with it; other devices are blocked. In the case of an emergency such as a heart attack, the protocol grants access to any device located close to the patient.

More information on the research is available from the Technology Review. In August, the Technology Review also ran an article on Kevin Fu’s work to prevent hacking of medical devices. Fu, an assistant professor of computer science at the University of Massachusetts, Amherst, and Tadayoshi Kohno, an assistant professor of computer science at the University of Washington, were the first to point out the wireless security risk for implantable medical devices.

The French and Swiss researchers’ paper detailing the research is available in PDF format.

Tags: encryption, ETH Zurich, French National Institute for Research in Computer Science and Control, pacemaker, pacemakers, security, Swiss Federal Institute of Technology, ultrasonic communication, wireless security